Details

Failure to a known state can address safety or security in accordance with the mission/business needs of the organization. Failure to a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system.

Preserving operating system state information helps to facilitate operating system restart and return to the operational mode of the organization with least disruption to mission/business processes.

Solution

Configure the log service to collect failure events.

Install the log service (if the log service is not already installed) with the following command:

# sudo apt-get install rsyslog

Enable the log service with the following command:

# sudo systemctl enable rsyslog

Restart the log service with the following command:

# sudo systemctl restart rsyslog

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_CAN_Ubuntu_18-04_LTS_V2R4_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Unix.

References

• 800-53|SC-24
• CAT|II
• CCI|CCI-001665
• CSCv6|9.1
• Rule-ID|SV-219160r610963_rule
• STIG-ID|UBTU-18-010022
• STIG-Legacy|SV-109651
• STIG-Legacy|V-100547
• Vuln-ID|V-219160

Source

• Tenable.com/audits