Logging security controls
Control : LOGG-2138
Most Linux systems use the kernel log daemon. Newer Linux versions may not include this kernel logger, but have an alternative to capture kernel-related events. In that case, this control can be ignored. For all other systems it is advised to check why the kernel log daemon is not running.
Control : LOGG-2154
To prevent log data from being lost (e.g. destroyed on purpose), logging all data to a remote system is advised.
Control : LOGG-2190
Deleted files may sometimes still be in use by applications. While this is uncommon behavior, it is usually seen with malicious software that tries to hide its presence on the system. Investigate the related files by determining which application keeps them open and the related reason.
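One way to carry out the LOGG-2190 investigation is to walk the per-process file descriptor links under /proc and report those whose target the kernel marks as deleted. This is an added example, not part of the original page; the function name `find_deleted_open_files` and the sample tree (PIDs, process names, paths) are constructed for illustration.

```shell
#!/bin/sh
# find_deleted_open_files [PROC_ROOT]
# Prints one tab-separated line per hit: PID, process name, fd number, path.
# PROC_ROOT defaults to /proc; a different root can be given for offline
# analysis or testing (hypothetical parameter, added for this example).
find_deleted_open_files() {
    proc_root="${1:-/proc}"
    for fd in "$proc_root"/[0-9]*/fd/*; do
        # Entries that vanished or are not readable are skipped.
        # Run as root to see the descriptors of all processes.
        target=$(readlink "$fd" 2>/dev/null) || continue
        # The kernel appends " (deleted)" to the link target once the
        # file has been unlinked but is still held open.
        case "$target" in
            *" (deleted)") ;;
            *) continue ;;
        esac
        pid_dir=${fd%/fd/*}
        pid=${pid_dir##*/}
        name=$(cat "$pid_dir/comm" 2>/dev/null) || name="?"
        printf '%s\t%s\t%s\t%s\n' \
            "$pid" "$name" "${fd##*/}" "${target% (deleted)}"
    done
}

# Constructed sample tree standing in for /proc, so the example runs offline.
sample=$(mktemp -d)
mkdir -p "$sample/4242/fd" "$sample/77/fd"
echo "updater"  > "$sample/4242/comm"
echo "rsyslogd" > "$sample/77/comm"
ln -s "/tmp/.cache-x (deleted)"   "$sample/4242/fd/3"   # unlinked, still open
ln -s "/var/log/old.log (deleted)" "$sample/77/fd/6"    # e.g. rotated log
ln -s "/var/log/messages"          "$sample/77/fd/5"    # normal open file

find_deleted_open_files "$sample"
```

On a live system, call the function without an argument; the content of a reported file can still be read through `/proc/PID/fd/FD` for as long as the process keeps it open. Hits such as a rotated log file that a daemon has not yet reopened are expected, so the process name and path decide whether a finding needs follow-up.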