
4.2.1.1.2 Ensure systemd-journal-remote is configured

Audit

Verify systemd-journal-remote is configured.

Run the following command:

# grep -P "^ *URL=|^ *ServerKeyFile=|^ *ServerCertificateFile=|^ *TrustedCertificateFile=" /etc/systemd/journal-upload.conf

Verify that the output matches your environment's certificate locations and the URL of the log server. Example:

URL=192.168.50.42
ServerKeyFile=/etc/ssl/private/journal-upload.pem
ServerCertificateFile=/etc/ssl/certs/journal-upload.pem
TrustedCertificateFile=/etc/ssl/ca/trusted.pem
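
The check above as a POSIX shell function, added here as an example and not part of the benchmark text. It also tolerates whitespace around `=` and confirms that the referenced key and certificate files exist, which goes beyond the grep shown; `audit_journal_upload` and `demo_journal_upload_audit` are hypothetical names, and the demo's config and files are constructed.

```shell
#!/bin/sh
# Added example (not from the benchmark). audit_journal_upload is a hypothetical helper.
audit_journal_upload() {
    conf="${1:-/etc/systemd/journal-upload.conf}"
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 2; }
    rc=0
    for key in URL ServerKeyFile ServerCertificateFile TrustedCertificateFile; do
        # Skip commented lines, tolerate spaces around '=', use the last
        # assignment found in the file (assumption: later lines override).
        val=$(sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$conf" \
              | tail -n 1 | sed 's/[[:space:]]*$//')
        if [ -z "$val" ]; then
            echo "FAIL: $key is not set"; rc=1
        elif [ "$key" != URL ] && [ ! -e "$val" ]; then
            echo "FAIL: $key points to missing file $val"; rc=1
        else
            echo "PASS: $key=$val"
        fi
    done
    return "$rc"
}

# Constructed sample: a temporary config and empty placeholder files, so the
# check can be tried without touching /etc. TrustedCertificateFile is left
# commented out, so the audit reports one failure and returns 1.
demo_journal_upload_audit() {
    d=$(mktemp -d) || return 2
    touch "$d/key.pem" "$d/cert.pem" "$d/ca.pem"
    cat > "$d/journal-upload.conf" <<EOF
[Upload]
URL=192.168.50.42
ServerKeyFile=$d/key.pem
ServerCertificateFile=$d/cert.pem
#TrustedCertificateFile=$d/ca.pem
EOF
    audit_journal_upload "$d/journal-upload.conf"
    status=$?
    rm -rf "$d"
    return "$status"
}
```

Run `audit_journal_upload` with no argument as root to check /etc/systemd/journal-upload.conf; a non-zero return means at least one setting is missing or points to a file that does not exist.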

Remediation

Edit the /etc/systemd/journal-upload.conf file and ensure the following lines are set per your environment:

URL=192.168.50.42
ServerKeyFile=/etc/ssl/private/journal-upload.pem
ServerCertificateFile=/etc/ssl/certs/journal-upload.pem
TrustedCertificateFile=/etc/ssl/ca/trusted.pem

Restart the service:

# systemctl restart systemd-journal-upload