Detections
Analytics

6.1.2.11 Ensure rsyslog CA certificates are configured

Information

The Certificate Authority (CA) is the trusted root certificate used to verify the authenticity of the remote system's TLS certificate during encrypted log forwarding.

The certificate authority certificates ensures that the client only trusts and connects to rsyslog servers presenting a certificated signed by the CA preventing data leakage or exposure in transit.

Solution

Edit rsyslog.conf or a .conf file in /etc/rsyslog.d/ to the correct path for the CA certificate:

Example

# certificate files - just CA for a client
global(DefaultNetstreamDriverCAFile="/path/to/contrib/gnutls/ca.pem")

Impact:

Proper certificate management is required to prevent misconfiguration and log forwarding failures until the trust chain is restored.

See Also

https://workbench.cisecurity.org/benchmarks/26236

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-8

Plugin: Unix

Control ID: 8869b8c84076914504729fdcec3424cf59d139b9bd162f6683ec30a6f4cb4c34