From 95b79ffa7e9247bd65a92311b92e37b0d83e4432 Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Tue, 2 Aug 2022 15:01:42 +0200
Subject: [PATCH] Add rsyslogd to the list of tools check by aide
RHEL products will also check for integrity of /usr/sbin/rsyslogd.
---
.../aide/aide_check_audit_tools/ansible/shared.yml | 1 +
.../aide/aide_check_audit_tools/bash/shared.sh | 3 +--
.../aide/aide_check_audit_tools/oval/shared.xml | 2 +-
.../aide/aide_check_audit_tools/tests/correct.pass.sh | 2 +-
.../aide_check_audit_tools/tests/correct_with_selinux.pass.sh | 2 +-
.../aide/aide_check_audit_tools/tests/not_config.fail.sh | 2 +-
6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml
|
|
|
9e17c9 |
index 9d1b7b675c9..5905ea8d0e6 100644
|
|
|
f386a0 |
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml
|
|
|
f386a0 |
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml
|
|
|
f386a0 |
@@ -22,6 +22,7 @@
|
|
|
f386a0 |
- /usr/sbin/aureport
|
|
|
f386a0 |
- /usr/sbin/ausearch
|
|
|
f386a0 |
- /usr/sbin/autrace
|
|
|
f386a0 |
+ {{% if product == 'ol8' or 'rhel' in product %}}- /usr/sbin/rsyslogd{{% endif %}}
|
|
|
f386a0 |
|
|
|
f386a0 |
- name: Ensure existing AIDE configuration for audit tools are correct
|
|
|
f386a0 |
lineinfile:
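Review bot: The added list item carries no explanation of why rsyslogd, a logging daemon rather than one of the audit utilities, is listed only for `ol8` and `rhel*` products, and the same guard is repeated in bash/shared.sh and oval/shared.xml in this commit. If the three copies drift apart, the remediation and the OVAL check will disagree about what has to be present in the AIDE configuration. I would add a comment above the item such as `# rsyslogd: required by the OVAL check on ol8 and rhel*; keep this guard in sync with bash/shared.sh and oval/shared.xml`. The list and the task that follows it both extend beyond the hunk.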
|
|
|
f386a0 |
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh
|
|
|
9e17c9 |
index d0a1ba2522f..a81e25c3950 100644
|
|
|
f386a0 |
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh
|
|
|
f386a0 |
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh
|
|
|
f386a0 |
@@ -18,12 +18,11 @@
|
|
|
f386a0 |
{{% set auditfiles = auditfiles + ["/usr/sbin/audispd"] %}}
|
|
|
f386a0 |
{{% endif %}}
|
|
|
f386a0 |
|
|
|
f386a0 |
-{{% if product == 'ol8' %}}
|
|
|
f386a0 |
+{{% if product == 'ol8' or 'rhel' in product %}}
|
|
|
f386a0 |
{{% set auditfiles = auditfiles + ["/usr/sbin/rsyslogd"] %}}
|
|
|
f386a0 |
{{% endif %}}
|
|
|
f386a0 |
|
|
|
f386a0 |
{{% for file in auditfiles %}}
|
|
|
f386a0 |
-
|
|
|
f386a0 |
if grep -i '^.*{{{file}}}.*$' {{{ aide_conf_path }}}; then
|
|
|
f386a0 |
sed -i "s#.*{{{file}}}.*#{{{file}}} {{{ aide_string() }}}#" {{{ aide_conf_path }}}
|
|
|
f386a0 |
else
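Review bot: The new rsyslogd path goes through the unanchored match in the loop below the changed guard: `grep -i '^.*{{{file}}}.*$'` and the `sed` pattern `.*{{{file}}}.*` hit any line that merely contains the path, so a commented-out entry, a `!`-negated exclusion or a longer path with the same prefix is treated as the existing rule and overwritten. Anchoring both to the start of the line keeps the remediation from rewriting unrelated lines, for example `if grep -q '^{{{file}}}[[:space:]]' {{{ aide_conf_path }}}; then` and `sed -i "s#^{{{file}}}[[:space:]].*#{{{file}}} {{{ aide_string() }}}#" {{{ aide_conf_path }}}`. Using `-q` also stops the matched lines from being echoed into the remediation output. The `else` branch continues outside the hunk.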
|
|
|
f386a0 |
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/oval/shared.xml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/oval/shared.xml
|
|
|
9e17c9 |
index 6ce56c1137a..ca9bf4f94d0 100644
|
|
|
f386a0 |
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/oval/shared.xml
|
|
|
f386a0 |
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/oval/shared.xml
|
|
|
f386a0 |
@@ -11,7 +11,7 @@
|
|
|
f386a0 |
{{% if 'rhel' not in product and product != 'ol8' %}}
|
|
|
f386a0 |
<criterion comment="audispd is checked in {{{ aide_conf_path }}}" test_ref="test_aide_verify_audispd" />
|
|
|
f386a0 |
{{% endif %}}
|
|
|
f386a0 |
- {{% if product == 'ol8' %}}
|
|
|
f386a0 |
+ {{% if product == 'ol8' or 'rhel' in product %}}
|
|
|
f386a0 |
<criterion comment="rsyslogd is checked in {{{ aide_conf_path }}}" test_ref="test_aide_verify_rsyslogd" />
|
|
|
f386a0 |
{{% endif %}}
|
|
|
f386a0 |
<criterion comment="augenrules is checked in {{{ aide_conf_path }}}" test_ref="test_aide_verify_augenrules" />
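Review bot: Only the guard around the rsyslogd criterion changes here, and the diffstat lists a single changed line for this file, so the definition of `test_aide_verify_rsyslogd` and its object further down is untouched. If those definitions are still wrapped in `product == 'ol8'`, RHEL builds would reference a test that is never emitted; that part of the file is outside the hunk and should be checked. The new guard is also the exact negation of the audispd guard a few lines above it, so the two could be written as one `{{% if %}}…{{% else %}}…{{% endif %}}` block to keep them from diverging.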
|
|
|
f386a0 |
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh
|
|
|
9e17c9 |
index 756b88d8a23..071dde13295 100644
|
|
|
f386a0 |
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh
|
|
|
f386a0 |
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh
|
|
|
f386a0 |
@@ -7,7 +7,7 @@ aide --init
|
|
|
f386a0 |
|
|
|
f386a0 |
|
|
|
f386a0 |
declare -a bins
|
|
|
f386a0 |
-bins=('/usr/sbin/auditctl' '/usr/sbin/auditd' '/usr/sbin/augenrules' '/usr/sbin/aureport' '/usr/sbin/ausearch' '/usr/sbin/autrace')
|
|
|
f386a0 |
+bins=('/usr/sbin/auditctl' '/usr/sbin/auditd' '/usr/sbin/augenrules' '/usr/sbin/aureport' '/usr/sbin/ausearch' '/usr/sbin/autrace' '/usr/sbin/rsyslogd')
|
|
|
f386a0 |
|
|
|
f386a0 |
for theFile in "${bins[@]}"
|
|
|
f386a0 |
do
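Review bot: The three updated scenarios (this one, correct_with_selinux.pass.sh and not_config.fail.sh) only append rsyslogd to the same `bins` list, so nothing visible exercises the new requirement on its own. A scenario that configures the six audit tools correctly and leaves out `/usr/sbin/rsyslogd` would show that the check now fails for that reason on RHEL. The list is also hard-coded while the rule's guard is `product == 'ol8' or 'rhel' in product`; the platform header of these scripts is outside the hunks, so it is worth confirming they are limited to those products. The loop body continues outside the hunk.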
|
|
|
f386a0 |
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh
|
|
|
9e17c9 |
index f3a2a126d3d..cb9bbfa7350 100644
|
|
|
f386a0 |
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh
|
|
|
f386a0 |
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh
|
|
|
f386a0 |
@@ -4,7 +4,7 @@
|
|
|
f386a0 |
yum -y install aide
|
|
|
f386a0 |
|
|
|
f386a0 |
declare -a bins
|
|
|
f386a0 |
-bins=('/usr/sbin/auditctl' '/usr/sbin/auditd' '/usr/sbin/augenrules' '/usr/sbin/aureport' '/usr/sbin/ausearch' '/usr/sbin/autrace')
|
|
|
f386a0 |
+bins=('/usr/sbin/auditctl' '/usr/sbin/auditd' '/usr/sbin/augenrules' '/usr/sbin/aureport' '/usr/sbin/ausearch' '/usr/sbin/autrace' '/usr/sbin/rsyslogd')
|
|
|
f386a0 |
|
|
|
f386a0 |
for theFile in "${bins[@]}"
|
|
|
f386a0 |
do
|
|
|
f386a0 |
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh
|
|
|
9e17c9 |
index 4315cef2073..a22aecb0000 100644
|
|
|
f386a0 |
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh
|
|
|
f386a0 |
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh
|
|
|
f386a0 |
@@ -6,7 +6,7 @@ yum -y install aide
|
|
|
f386a0 |
aide --init
|
|
|
f386a0 |
|
|
|
f386a0 |
declare -a bins
|
|
|
f386a0 |
-bins=('/usr/sbin/auditctl' '/usr/sbin/auditd' '/usr/sbin/augenrules' '/usr/sbin/aureport' '/usr/sbin/ausearch' '/usr/sbin/autrace')
|
|
|
f386a0 |
+bins=('/usr/sbin/auditctl' '/usr/sbin/auditd' '/usr/sbin/augenrules' '/usr/sbin/aureport' '/usr/sbin/ausearch' '/usr/sbin/autrace' '/usr/sbin/rsyslogd')
|
|
|
f386a0 |
|
|
|
f386a0 |
for theFile in "${bins[@]}"
|
|
|
f386a0 |
do