{"results":[{"id":"kickstart-logging-tcp-only-port-514","text":"Kickstart `logging` command for remote syslog uses TCP only, with default port 514.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"logging-reliable-dual-protocol-transport","text":"The RHEL 9 logging system role supports reliable concurrent TCP and UDP remote transport configuration, allowing administrators to specify both protocols on a single remote input.","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"logging-tls-universal-deployment","text":"The RHEL 9 logging system role can deploy TLS-encrypted remote log transport in any environment regardless of identity infrastructure.","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel-system-roles-key-roles","text":"Key RHEL system roles include `timesync`, `network`, `selinux`, `storage`, `firewall`, `logging`, and `kdump`.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-centralized-logging-and-audit-observability","text":"RHEL 9 provides centralized observability through two complementary subsystems: the audit framework (file watches, auid login tracking, compliance rules, dedicated service management) and the logging system role (rsyslog configuration via Ansible with structured input/output/flow variable groups and SELinux-aware port management).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-closed-loop-fleet-security-operations","text":"RHEL 9 enables closed-loop fleet security operations where defense-in-depth configuration (SELinux, firewalld, crypto, audit) is automatable via Ansible system roles while continuously verifiable through audit logging, AIDE integrity monitoring, and OpenSCAP compliance scanning.","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-comprehensive-security-posture","text":"RHEL 9 provides a comprehensive security posture integrating defense-in-depth hardened defaults (SELinux, firewalld, crypto policies, audit), continuous compliance monitoring (audit logging, AIDE integrity, OpenSCAP scanning), and layered authentication hardening (pam_faillock, password aging, SSH key-based auth) into a unified security architecture.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-continuously-observable-compliance","text":"RHEL 9 compliance is observable through complementary mechanisms: continuous audit logging (file watches, auid tracking, pre-configured compliance rule sets for OSPP/PCI-DSS/STIG) provides ongoing evidence collection, while periodic AIDE integrity checks and OpenSCAP scanning provide point-in-time compliance verification.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-dac-through-mac-access-control","text":"RHEL 9 implements layered access control from filesystem-level DAC (ugo/rwx permissions, setgid collaboration, hard/soft links) through SELinux MAC (Type Enforcement as primary policy, per-domain permissive mode, AVC denial logging), with DAC evaluated before MAC.","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-defense-in-depth-container-isolation","text":"RHEL 9 containers operate within a defense-in-depth security stack where per-container MCS categories (assigned by container-selinux) provide inter-container isolation, layered on top of SELinux type enforcement, firewalld network controls, system-wide crypto policies, and continuous audit logging — meaning container breakout must defeat not just the container boundary but every surrounding security layer.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-full-lifecycle-infrastructure","text":"RHEL 9 supports full infrastructure lifecycle from image creation and automated deployment (Image Builder, Kickstart, Anaconda) through content delivery (BaseOS + AppStream repositories) to ongoing configuration management (Ansible system roles with dual naming, covering timesync, network, SELinux, storage, firewall, logging, and kdump).","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-identity-integrated-observability","text":"RHEL 9 observability is identity-integrated at both collection and verification layers: the centralized logging and audit subsystem (rsyslog framework, file watches, auid login identity tracking) feeds into identity-verified security monitoring where IdM-provided Kerberos identities ensure audit trails are tied to verified principals, not just UIDs.","truth_value":"OUT","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-logging-input-types","text":"Logging system role input types are: `basics` (local journal/socket), `remote` (network receiver), and `files` (specific file paths).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-logging-output-types","text":"Logging system role output types are: `files` (local), `remote_files` (per-host remote storage organized by `%FROMHOST%`), and `forwards` (send to remote server).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-logging-role-name","text":"The RHEL logging system role is `redhat.rhel_system_roles.logging` and configures rsyslog on managed nodes.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-logging-role-three-variable-groups","text":"The logging system role uses three variable groups: `logging_inputs` (log sources), `logging_outputs` (log destinations), and `logging_flows` (connecting inputs to outputs).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-logging-selinux-syslog-ports","text":"Default SELinux-allowed syslog ports are 601, 514, 6514, 10514, and 20514.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-logging-system-role-framework","text":"The RHEL 9 logging system role (redhat.rhel_system_roles.logging) provides a structured rsyslog configuration framework organized around three variable groups: inputs (basics/remote/files as log sources), outputs (files/remote_files/forwards as destinations), and flows connecting them, with SELinux constraining allowed syslog ports to 601, 514, 6514, 10514, and 20514.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-logging-tls-requires-idm","text":"TLS for the logging system role requires managed nodes to be enrolled in an IdM domain for CA-signed certificates.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-logging-tls-requires-idm-enrollment","text":"TLS for the logging system role requires managed nodes to be enrolled in an IdM domain for CA-signed certificates.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null}],"count":25,"limit":20,"offset":0}