Blame SOURCES/scap-security-guide-0.1.64-stig_aide-PR_9282.patch

9e17c9
From 95b79ffa7e9247bd65a92311b92e37b0d83e4432 Mon Sep 17 00:00:00 2001
9e17c9
From: Watson Sato <wsato@redhat.com>
9e17c9
Date: Tue, 2 Aug 2022 15:01:42 +0200
9e17c9
Subject: [PATCH] Add rsyslogd to the list of tools check by aide
f386a0
9e17c9
RHEL products will also check for integrity of /usr/sbin/rsyslogd.
f386a0
---
f386a0
 .../aide/aide_check_audit_tools/ansible/shared.yml             | 1 +
f386a0
 .../aide/aide_check_audit_tools/bash/shared.sh                 | 3 +--
f386a0
 .../aide/aide_check_audit_tools/oval/shared.xml                | 2 +-
f386a0
 .../aide/aide_check_audit_tools/tests/correct.pass.sh          | 2 +-
f386a0
 .../aide_check_audit_tools/tests/correct_with_selinux.pass.sh  | 2 +-
f386a0
 .../aide/aide_check_audit_tools/tests/not_config.fail.sh       | 2 +-
f386a0
 6 files changed, 6 insertions(+), 6 deletions(-)
f386a0
f386a0
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml
9e17c9
index 9d1b7b675c9..5905ea8d0e6 100644
f386a0
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml
f386a0
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml
f386a0
@@ -22,6 +22,7 @@
f386a0
       - /usr/sbin/aureport
f386a0
       - /usr/sbin/ausearch
f386a0
       - /usr/sbin/autrace
f386a0
+      {{% if product == 'ol8' or 'rhel' in product %}}- /usr/sbin/rsyslogd{{% endif %}}
f386a0
 
f386a0
 - name: Ensure existing AIDE configuration for audit tools are correct
f386a0
   lineinfile:
f386a0
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh
9e17c9
index d0a1ba2522f..a81e25c3950 100644
f386a0
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh
f386a0
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh
f386a0
@@ -18,12 +18,11 @@
f386a0
 {{% set auditfiles = auditfiles + ["/usr/sbin/audispd"] %}}
f386a0
 {{% endif %}}
f386a0
 
f386a0
-{{% if product == 'ol8' %}}
f386a0
+{{% if product == 'ol8' or 'rhel' in product %}}
f386a0
 {{% set auditfiles = auditfiles + ["/usr/sbin/rsyslogd"] %}}
f386a0
 {{% endif %}}
f386a0
 
f386a0
 {{% for file in auditfiles %}}
f386a0
-
f386a0
 if grep -i '^.*{{{file}}}.*$' {{{ aide_conf_path }}}; then
f386a0
 sed -i "s#.*{{{file}}}.*#{{{file}}} {{{ aide_string() }}}#" {{{ aide_conf_path }}}
f386a0
 else
f386a0
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/oval/shared.xml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/oval/shared.xml
9e17c9
index 6ce56c1137a..ca9bf4f94d0 100644
f386a0
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/oval/shared.xml
f386a0
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/oval/shared.xml
f386a0
@@ -11,7 +11,7 @@
f386a0
       {{% if 'rhel' not in product and product != 'ol8' %}}
f386a0
       <criterion comment="audispd is checked in {{{ aide_conf_path }}}" test_ref="test_aide_verify_audispd" />
f386a0
       {{% endif %}}
f386a0
-      {{% if product == 'ol8' %}}
f386a0
+      {{% if product == 'ol8' or 'rhel' in product %}}
f386a0
       <criterion comment="rsyslogd is checked in {{{ aide_conf_path }}}" test_ref="test_aide_verify_rsyslogd" />
f386a0
       {{% endif %}}
f386a0
       <criterion comment="augenrules is checked in {{{ aide_conf_path }}}" test_ref="test_aide_verify_augenrules" />
f386a0
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh
9e17c9
index 756b88d8a23..071dde13295 100644
f386a0
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh
f386a0
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh
f386a0
@@ -7,7 +7,7 @@ aide --init
f386a0
 
f386a0
 
f386a0
 declare -a bins
f386a0
-bins=('/usr/sbin/auditctl' '/usr/sbin/auditd' '/usr/sbin/augenrules' '/usr/sbin/aureport' '/usr/sbin/ausearch' '/usr/sbin/autrace')
f386a0
+bins=('/usr/sbin/auditctl' '/usr/sbin/auditd' '/usr/sbin/augenrules' '/usr/sbin/aureport' '/usr/sbin/ausearch' '/usr/sbin/autrace' '/usr/sbin/rsyslogd')
f386a0
 
f386a0
 for theFile in "${bins[@]}"
f386a0
 do
f386a0
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh
9e17c9
index f3a2a126d3d..cb9bbfa7350 100644
f386a0
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh
f386a0
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh
f386a0
@@ -4,7 +4,7 @@
f386a0
 yum -y install aide
f386a0
 
f386a0
 declare -a bins
f386a0
-bins=('/usr/sbin/auditctl' '/usr/sbin/auditd' '/usr/sbin/augenrules' '/usr/sbin/aureport' '/usr/sbin/ausearch' '/usr/sbin/autrace')
f386a0
+bins=('/usr/sbin/auditctl' '/usr/sbin/auditd' '/usr/sbin/augenrules' '/usr/sbin/aureport' '/usr/sbin/ausearch' '/usr/sbin/autrace' '/usr/sbin/rsyslogd')
f386a0
 
f386a0
 for theFile in "${bins[@]}"
f386a0
 do
f386a0
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh
9e17c9
index 4315cef2073..a22aecb0000 100644
f386a0
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh
f386a0
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh
f386a0
@@ -6,7 +6,7 @@ yum -y install aide
f386a0
 aide --init
f386a0
 
f386a0
 declare -a bins
f386a0
-bins=('/usr/sbin/auditctl' '/usr/sbin/auditd' '/usr/sbin/augenrules' '/usr/sbin/aureport' '/usr/sbin/ausearch' '/usr/sbin/autrace')
f386a0
+bins=('/usr/sbin/auditctl' '/usr/sbin/auditd' '/usr/sbin/augenrules' '/usr/sbin/aureport' '/usr/sbin/ausearch' '/usr/sbin/autrace' '/usr/sbin/rsyslogd')
f386a0
 
f386a0
 for theFile in "${bins[@]}"
f386a0
 do