Skip to content

4.2.1.1.4 Ensure journald is not configured to recieve logs from a remote client

Audit#

Run the following command to verify systemd-journal-remote.socket is not enabled: 

# systemctl is-enabled systemd-journal-remote.socket

Verify the output matches: 

disabled

Remediation#

Run the following command to disable systemd-journal-remote.socket: 

# systemctl --now disable systemd-journal-remote.socket