CCE-55023-6 | Platform: cpe:/o:redhat:enterprise_linux:8, cpe:/o:oracle:linux:7, cpe:/o:oracle:linux:8, cpe:/o:amazon:linux:2, cpe:/o:redhat:enterprise_linux:9, cpe:/o:redhat:enterprise_linux:7, cpe:/o:centos:centos:7 | Date: (C)2024-01-08 (M)2024-04-23
Title:
Ensure journald is not configured to receive logs from a remote client
Description:
Journald supports the ability to receive messages from remote hosts, thus acting as a log
server. Clients should not receive data from other hosts.
NOTE:
The same package, systemd-journal-remote, is used for both sending logs to
remote hosts and receiving incoming logs.
With regard to receiving logs, there are two services:
systemd-journal-remote.socket and systemd-journal-remote.service.
Rationale:
If a client is configured to also receive data, thus turning it into a server, the client system is
acting outside its operational boundary.
Audit:
Run the following command to verify systemd-journal-remote.socket is not enabled:
# systemctl is-enabled systemd-journal-remote.socket
Verify the output matches:
masked
Remediation:
Run the following command to disable systemd-journal-remote.socket:
# systemctl --now mask systemd-journal-remote.socket
Parameter:
[yes/no]
Technical Mechanism:
Remediation:
Run the following command to disable systemd-journal-remote.socket:
# systemctl --now mask systemd-journal-remote.socket
CCSS Severity:
CCSS Score: 7.7
Exploit Score: 3.1
Impact Score: 4.0
Severity: HIGH
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CCSS Metrics:
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality: HIGH
Integrity: NONE
Availability: NONE
References:
Resource Id | Reference
---|---
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:96268
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97489
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97516
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97224
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97456
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97255
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97193