4.2.3 Ensure logrotate is configured

Information

The system includes the capability of rotating log files regularly to avoid filling up the system with logs or making the logs unmanageable large. The file /etc/logrotate.d/syslog is the configuration file used to rotate log files created by syslog or rsyslog.

Rationale:

By keeping the log files smaller and more manageable, a system administrator can easily archive these files to another system and spend less time looking through inordinately large log files.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Edit /etc/logrotate.conf and /etc/logrotate.d/* to ensure logs are rotated according to site policy.

Additional Information:

If no maxage setting is set for logrotate a situation can occur where logrotate is interrupted and fails to delete rotated logfiles. It is recommended to set this to a value greater than the longest any log file should exist on your system to ensure that any such logfile is removed but standard rotation settings are not overridden.

See Also

https://workbench.cisecurity.org/files/3144

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-4, CSCv6|6.3, CSCv7|6.4

Plugin: Unix

Control ID: 067f0bb892b0371d8e5a5e5555350d3ba88f9ddaf4f673973f1d7e4569d40dad