Enable rsyslog Service

Classification:

compliance

Framework:

Control:

Description

The rsyslog service provides syslog-style logging by default on Ubuntu 20.04.

The rsyslog service can be enabled with the following command:

$ sudo systemctl enable rsyslog.service

Rationale

The rsyslog service must be running in order to provide logging services, which are essential to system administration.

Remediation

Shell script

The following script can be run on the host to remediate the issue.

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then

    SYSTEMCTL_EXEC='/usr/bin/systemctl'
    "$SYSTEMCTL_EXEC" unmask 'rsyslog.service'
    "$SYSTEMCTL_EXEC" start 'rsyslog.service'
    "$SYSTEMCTL_EXEC" enable 'rsyslog.service'

else
    >&2 echo 'Remediation is not applicable, nothing was done'
fi
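To confirm the result of the remediation, the following audit check is an added example and not part of the original rule content. It reports a pass only when rsyslog.service is unmasked, enabled and running, which catches a host where the unit was enabled but never started. The function names and the `--audit` switch are assumptions made for this example.

```shell
#!/bin/sh
# Added audit example; not part of the original rule page.
# SYSTEMCTL_EXEC can be overridden, e.g. to point at a stub during testing.
SYSTEMCTL_EXEC="${SYSTEMCTL_EXEC:-/usr/bin/systemctl}"

# Map the two systemctl answers to a verdict for this rule.
#   $1: output of `systemctl is-enabled rsyslog.service`
#   $2: output of `systemctl is-active rsyslog.service`
rsyslog_verdict() {
    case "$1" in
        masked|masked-runtime)
            echo 'FAIL: unit is masked'
            return 1 ;;
        enabled|enabled-runtime)
            ;;
        *)
            echo "FAIL: unit is not enabled (is-enabled: ${1:-unknown})"
            return 1 ;;
    esac
    # Enabled only affects the next boot; logging needs the unit running now.
    if [ "$2" != 'active' ]; then
        echo "FAIL: unit is enabled but not running (is-active: ${2:-unknown})"
        return 1
    fi
    echo 'PASS: unit is enabled and running'
}

# Query the host and print the verdict.
audit_rsyslog() {
    # Same applicability test as the remediation script.
    if [ -f /.dockerenv ] || [ -f /run/.containerenv ]; then
        echo 'NOT APPLICABLE: container platform'
        return 0
    fi
    # Both queries exit non-zero for the failing states; keep the text only.
    enabled_state=$("$SYSTEMCTL_EXEC" is-enabled 'rsyslog.service' 2>/dev/null) || true
    active_state=$("$SYSTEMCTL_EXEC" is-active 'rsyslog.service' 2>/dev/null) || true
    rsyslog_verdict "$enabled_state" "$active_state"
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = '--audit' ]; then
    audit_rsyslog
    exit $?
fi
```

Run it with `--audit` on the host; the exit status is 0 for a pass or a non-applicable platform and 1 otherwise.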

Ansible playbook

The following playbook can be run with Ansible to remediate the issue.

- name: Enable service rsyslog
  block:

  - name: Gather the package facts
    package_facts:
      manager: auto

  - name: Enable service rsyslog
    systemd:
      name: rsyslog
      enabled: 'yes'
      state: started
      masked: 'no'
    when:
    - '"rsyslog" in ansible_facts.packages'
  when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
  tags:
  - DISA-STIG-UBTU-20-010432
  - NIST-800-53-AU-4(1)
  - NIST-800-53-CM-6(a)
  - enable_strategy
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
  - service_rsyslog_enabled