Logging security controls

Control: LOGG-2138

Most Linux systems run a kernel log daemon. Newer Linux versions may not include this daemon but provide an alternative that captures kernel-related events; in that case this control can be ignored. On all other systems, check why the kernel log daemon is not running.

Control: LOGG-2154

To prevent log data from being lost (for example, deliberately destroyed on the host), sending all log data to a remote system is advised.

Control: LOGG-2190

Deleted files may still be held open by running applications. While this is uncommon behavior, it is usually seen when malicious software tries to hide its presence on the system. Investigate such files by determining which process keeps them open and why.
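As an added example (not Lynis code), a POSIX shell function that performs the investigation LOGG-2190 describes: it walks each process's fd directory and exe link under /proc and reports every entry whose link target carries the kernel's " (deleted)" marker, together with the process name. The optional proc root argument is an assumption added so the function can be exercised against a constructed tree; on a live system run it as root, since other users' fd directories are otherwise unreadable.

```shell
#!/bin/sh
# Report processes holding unlinked files open. Source this file and call
# find_deleted_open_files, optionally with a proc root other than /proc
# (assumed parameter, useful for testing against a constructed tree).
# Output: one line per hit, tab-separated: pid, comm, link name, original path.
# Returns 0 if at least one hit was found, 1 otherwise.
find_deleted_open_files() {
    proc_root="${1:-/proc}"
    found=0
    for pid_dir in "$proc_root"/[0-9]*; do
        [ -d "$pid_dir" ] || continue          # no numeric entries: glob stays literal
        pid=${pid_dir##*/}
        comm=$(cat "$pid_dir/comm" 2>/dev/null) || comm='?'
        # exe catches a binary that was removed or replaced while still running;
        # fd/* catches data files (logs, unpacked payloads, memfd: objects).
        for link in "$pid_dir/exe" "$pid_dir"/fd/*; do
            [ -L "$link" ] || continue
            target=$(readlink "$link" 2>/dev/null) || continue   # unreadable: skip
            case "$target" in
                *" (deleted)")
                    printf '%s\t%s\t%s\t%s\n' \
                        "$pid" "$comm" "${link##*/}" "${target% (deleted)}"
                    found=$((found + 1))
                    ;;
            esac
        done
    done
    [ "$found" -gt 0 ]
}
```

Legitimate causes are common (a daemon still writing to a rotated log, a binary replaced by a package upgrade), so treat a hit as the starting point for the investigation the control asks for rather than as a finding by itself.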