RHEL 9 must have the rsyslog package installed.

STIG ID: RHEL-09-652010  |  SRG: SRG-OS-000479-GPOS-00224 |  Severity: medium |  CCI: CCI-000154,CCI-000366,CCI-001851 |  Vulnerability Id: V-258140 | 

Vulnerability Discussion

rsyslogd is a system utility providing support for message logging. Support for both internet and Unix domain sockets enables this utility to support both local and remote logging. Couple this utility with "gnutls" (which is a secure communications library implementing the SSL, TLS, and DTLS protocols), to create a method to securely encrypt and offload auditing.

Satisfies: SRG-OS-000479-GPOS-00224, SRG-OS-000051-GPOS-00024, SRG-OS-000480-GPOS-00227

Check

Verify that RHEL 9 has the rsyslogd package installed with the following command:

$ sudo dnf list --installed rsyslog

Example output:

rsyslog.x86_64 8.2102.0-101.el9_0.1

If the "rsyslogd" package is not installed, this is a finding.

Fix

The rsyslogd package can be installed with the following command:

$ sudo dnf install rsyslogd