5.4 Configure logrotate - '/var/log/secure'

Information

The system includes the capability of rotating log files regularly to avoid filling up the system with logs or making the logs unmanageable large. The file /etc/logrotate.d/syslog is the configuration file used to rotate log files created by syslog or rsyslog. These files are rotated on a weekly basis via a cron job and the last 4 weeks are kept.

Rationale:

By keeping the log files smaller and more manageable, a system administrator can easily archive these files to another system and spend less time looking through inordinately large log files.

Solution

Edit the /etc/logrotate.d/syslog file to include appropriate system logs:

/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {

Default Value:

OS Default: Yes

See Also

https://workbench.cisecurity.org/files/3096

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12, CSCv7|6.3

Plugin: Unix

Control ID: 79924e660e9ec8b7b9000e61ab33f027ab8336fb9ceef0e959e04e180d32d01e