Title: Ensure journald log rotation is configured per site policy (SystemMaxUse) Description: Journald includes the capability of rotating log files regularly to avoid filling up the system with logs or making the logs unmanageably large. The file /etc/systemd/journald.conf is the configuration file used to specify how logs generated by Journald should be rotated. Rationale: By keeping the log files smaller and more manageable, a system administrator can easily archive these files to another system and spend less time looking through inordinately large log files. Audit: Review /etc/systemd/journald.conf and verify logs are rotated according to site policy. The specific parameters for log rotation are: SystemMaxUse= SystemKeepFree= RuntimeMaxUse= RuntimeKeepFree= MaxFileSec= Remediation: Review /etc/systemd/journald.conf and verify logs a re rotated according to site policy. The settings should be carefully understood as there are specific edge cases and prioritization of parameters. The specific parameters for log rotation are: SystemMaxUse= SystemKeepFree= RuntimeMaxUse= RuntimeKeepFree= MaxFileSec= Additional Information: See man 5 journald.conf for detailed information regarding the parameters in use.

[500M, 100M, 250M, 50M, 1d]

Remediation: Review /etc/systemd/journald.conf and verify logs a re rotated according to site policy. The settings should be carefully understood as there are specific edge cases and prioritization of parameters. The specific parameters for log rotation are: SystemMaxUse= SystemKeepFree= RuntimeMaxUse= RuntimeKeepFree= MaxFileSec= Additional Information: See man 5 journald.conf for detailed information regarding the parameters in use.