STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Oracle Linux 8 Security Technical Implementation Guide

V-248723

CAT II (Medium)

Cron logging must be implemented in OL 8.

Rule ID

SV-248723r991589_rule

STIG

Oracle Linux 8 Security Technical Implementation Guide

Version

V2R8

CCIs

CCI-000366

Discussion

Cron logging can be used to trace the successful or unsuccessful execution of cron jobs. It can also be used to spot intrusions into the use of the cron facility by unauthorized and malicious users.

Check Content

Verify that "rsyslog" is configured to log cron events with the following command: 
 
Note: If another logging package is used, substitute the utility configuration file for "/etc/rsyslog.conf" or "/etc/rsyslog.d/*.conf" files. 
 
$ sudo grep cron /etc/rsyslog.conf /etc/rsyslog.d/*.conf 
 
cron.* /var/log/cron 
 
If the command does not return a response, check for cron logging all facilities by inspecting the "/etc/rsyslog.conf" or "/etc/rsyslog.d/*.conf" files. 
 
Look for the following entry: 
 
*.* /var/log/messages 
 
If "rsyslog" is not logging messages for the cron facility or all facilities, this is a finding.

Fix Text

Configure "rsyslog" to log all cron messages by adding or updating the following line to "/etc/rsyslog.conf" or a configuration file in the "/etc/rsyslog.d/" directory: 
 
cron.* /var/log/cron 
 
The rsyslog daemon must be restarted for the changes to take effect: 
 
$ sudo systemctl restart rsyslog.service