Failure to a known state can address safety or security in accordance with the mission/business needs of the organization. Failure to a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system.
Preserving operating system state information helps to facilitate operating system restart and return to the operational mode of the organization with least disruption to mission/business processes.
Check
Verify the rsyslog service is enabled and active with the following commands:
$ sudo systemctl is-enabled rsyslog
enabled
$ sudo systemctl is-active rsyslog
active
If the service is not "enabled" and "active", this is a finding.
If "rsyslog" is not enabled, ask the System Administrator how system error logging is performed on the system. If there is no evidence of system logging being performed on the system, this is a finding.
Fix
Start and enable the rsyslog service with the following commands: