3.4 Ensure log files are rotated

Information

Log rotation ensures log files do not consume excessive disk space, potentially causing a denial of service.

Rationale:

Log files are important to track activity that occurs on your server, but they take up significant amounts of space. Log rotation should be configured in order to ensure the logs do not consume so much disk space that logging becomes unavailable.

Solution

Follow the below procedure to change the default configuration to the recommended log rotation configuration. You may need to manually edit or change the below command if the configuration is not the default.
To change log compression from daily to weekly:

sed -i 's/daily/weekly/' /etc/logrotate.d/nginx

To change log rotation from every year to every 13 weeks:

sed -i 's/rotate 52/rotate 13/' /etc/logrotate.d/nginx

Default Value:

cat /etc/logrotate.d/nginx

/var/log/nginx/*.log {

daily

missingok

rotate 52

compress

delaycompress

notifempty

create 640 nginx adm

sharedscripts

postrotate

if [ -f /var/run/nginx.pid ]; then

kill -USR1 'cat /var/run/nginx.pid'

fi

endscript

}

Additional Information:

You should always comply with your organizational log retention policy.

See Also

https://workbench.cisecurity.org/benchmarks/17381

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-4, CSCv7|6.4

Plugin: Unix

Control ID: fabad947cac49372ff63e3b4ebc63982db8be6d42089a35137470af05b5f15e5