You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
In the Checking remote logging test, it doesn't seem that lynis is aware of AWS CloudWatch Agent, which can be configured to send logs to a CloudWatch log stream for both EC2 instances and on-prem servers.
Describe the solution you'd like
I think finding the amazon cloudwatch agent configuration file and checking to see that the logs list has contents could work. I think the configuration path is typically /opt/aws/amazon-cloudwatch-agent/bin/config.json.
Using jq, here is an example of validating that this agent is configured for remote logging (as opposed to just metrics collection):
Is your feature request related to a problem? Please describe.
In the
Checking remote logging
test, it doesn't seem that lynis is aware of AWS CloudWatch Agent, which can be configured to send logs to a CloudWatch log stream for both EC2 instances and on-prem servers.Describe the solution you'd like
I think finding the amazon cloudwatch agent configuration file and checking to see that the logs list has contents could work. I think the configuration path is typically
/opt/aws/amazon-cloudwatch-agent/bin/config.json
.Using
jq
, here is an example of validating that this agent is configured for remote logging (as opposed to just metrics collection):In this case there are three logs that are being sent remotely to CloudWatch. Example contents of these three log file configurations is as follows:
$ cat /opt/aws/amazon-cloudwatch-agent/bin/config.json | jq '.logs.logs_collected.files.collect_list'
And of course, validating that the service is even running:
Required changes
A new tests needs to be added.
The text was updated successfully, but these errors were encountered: