From cfbba5a3d43551fd2d8cdc7afdfa2b1fd7e2d0a4 Mon Sep 17 00:00:00 2001
From: Gabriel Becker <ggasparb@redhat.com>
Date: Wed, 18 Nov 2020 14:12:26 +0100
Subject: [PATCH 1/2] Make rsyslog_remote_tls regex case insensitive for
 rsyslogs parameters.

---
 .../rsyslog_remote_tls/oval/shared.xml                        | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/oval/shared.xml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/oval/shared.xml
index ead7a770fd..56f970b2cd 100644
--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/oval/shared.xml
+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/oval/shared.xml
@@ -16,11 +16,11 @@
   <ind:textfilecontent54_object id="obj_rsyslog_remote_tls" version="1">
     <ind:behaviors singleline="true" />
     <ind:filepath operation="pattern match">^/etc/rsyslog\.(conf|d/.+\.conf)$</ind:filepath>
-    <ind:pattern operation="pattern match">^\s*action\(type="omfwd"(.+?)\)</ind:pattern>
+    <ind:pattern operation="pattern match">^\s*action\((?i)type(?-i)="omfwd"(.+?)\)</ind:pattern>
     <ind:instance datatype="int" operation="greater than or equal">0</ind:instance>
   </ind:textfilecontent54_object>
 
   <ind:textfilecontent54_state id="state_rsyslog_remote_tls" comment="value of omfwd action" version="1">
-    <ind:subexpression datatype="string" operation="pattern match">(?=[\S\s]*\sprotocol="tcp")(?=[\S\s]*\sTarget="[^"]+?")(?=[\S\s]*\sport="6514")(?=[\S\s]*\sStreamDriver="gtls")(?=[\S\s]*\sStreamDriverMode="1")(?=[\S\s]*\sStreamDriverAuthMode="x509/name")(?=[\S\s]*\sstreamdriver\.CheckExtendedKeyPurpose="on")</ind:subexpression>
+    <ind:subexpression datatype="string" operation="pattern match">(?=[\S\s]*\s(?i)protocol(?-i)="tcp")(?=[\S\s]*\s(?i)Target(?-i)="[^"]+?")(?=[\S\s]*\s(?i)port(?-i)="6514")(?=[\S\s]*\s(?i)StreamDriver(?-i)="gtls")(?=[\S\s]*\s(?i)StreamDriverMode(?-i)="1")(?=[\S\s]*\s(?i)StreamDriverAuthMode(?-i)="x509/name")(?=[\S\s]*\s(?i)StreamDriver\.CheckExtendedKeyPurpose(?-i)="on")</ind:subexpression>
   </ind:textfilecontent54_state>
 </def-group>

From 7fabf6bffca1e02fccf09f62564d65384b4cf2f8 Mon Sep 17 00:00:00 2001
From: Gabriel Becker <ggasparb@redhat.com>
Date: Wed, 18 Nov 2020 15:12:26 +0100
Subject: [PATCH 2/2] Add test scenario for mixed case sensitivity.

---
 .../tests/correct_singleline_mixed_cases.pass.sh             | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/tests/correct_singleline_mixed_cases.pass.sh

diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/tests/correct_singleline_mixed_cases.pass.sh b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/tests/correct_singleline_mixed_cases.pass.sh
new file mode 100644
index 0000000000..7e8455bb6c
--- /dev/null
+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/tests/correct_singleline_mixed_cases.pass.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+cat >> /etc/rsyslog.conf <<EOF
+action(tYpe="omfwd" protocol="tcp" TarGet="remote.system.com" port="6514" StreaMDrIver="gtls" StrEamDriverMode="1" StreamDrivErAuthMode="x509/name" stReamDriver.CheckExteNdedKeyPurpose="on")
+EOF