Description:Journald supports the ability to receive messages from remote hosts, thus acting as a log server. Clients should not receive data from other hosts. Note: * The same package, systemd-journal-remote, is used for both sending logs to remote hosts and receiving incoming logs. * With regards to receiving logs, there are two services; systemd-journal-remote.socket and systemd-journal-remote.service. Rationale:If a client is configured to also receive data, thus turning it into a server, the client system is acting outside it's operational boundary.Audit:Run the following command to verify systemd-journal-remote.socket is not enabled # systemctl is-enabled systemd-journal-remote.socketVerify the output matches: disabled Remediation:Run the following command to disable systemd-journal-remote.socket: # systemctl --now disable systemd-journal-remote.socket

[Disable/Enable]

Run the following command to disable systemd-journal-remote.socket: # systemctl --now disable systemd-journal-remote.socket