Ensure journald is configured to write logfiles to persistent diskID: oval:org.secpod.oval:def:87394 | Date: (C)2023-02-09 (M)2023-12-20 |
Class: COMPLIANCE | Family: unix |
Data from journald may be stored in volatile memory or persisted locally on the server. Logs in memory will be lost upon a system reboot. By persisting logs to local disk on the server they are protected from loss.
Rationale:
Writing log data to disk will provide the ability to forensically reconstruct events which may have impacted the operations or security of a system even after a system crash or reboot.