From c988807382a5c0e307567def55fcedcb2e3b75b7 Mon Sep 17 00:00:00 2001 From: Matthew Burket Date: Mon, 4 Oct 2021 12:18:05 -0500 Subject: [PATCH 1/4] Update rsyslog_remote_loghost to match STIG and CIS STIG and CIS only match *.conf files and we matched all files. Moving to match the benchmarks. Fixes #7333 --- .../rsyslog_remote_loghost/oval/shared.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/oval/shared.xml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/oval/shared.xml index 5895b7fab24..7b5d4968886 100644 --- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/oval/shared.xml +++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/oval/shared.xml @@ -39,7 +39,7 @@ /etc/rsyslog.d - .* + *.conf ^\*\.\*[\s]+(?:@|\:omrelp\:) 1 From 19d72d76e6818f47e71245dece0d6faa62cfcdb1 Mon Sep 17 00:00:00 2001 From: Matthew Burket Date: Mon, 4 Oct 2021 13:11:10 -0500 Subject: [PATCH 3/4] Add packages so that test suite pass in a container --- .../rsyslog_remote_loghost/tests/line_commented.fail.sh | 1 + .../rsyslog_remote_loghost/tests/line_not_there.fail.sh | 1 + .../rsyslog_remote_loghost/tests/remote_configured.pass.sh | 1 + 3 files changed, 3 insertions(+) diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/tests/line_commented.fail.sh b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/tests/line_commented.fail.sh index 52376effea2..760606278b3 100644 --- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/tests/line_commented.fail.sh +++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/tests/line_commented.fail.sh @@ -1,4 +1,5 @@ #!/bin/bash +# packages = rsyslog CONF_FILE="/etc/rsyslog.conf" LOGHOST_LINE="*.* @@192.168.122.1:5000" diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/tests/line_not_there.fail.sh b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/tests/line_not_there.fail.sh index 8a55da88c8d..ac82180f21c 100644 --- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/tests/line_not_there.fail.sh +++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/tests/line_not_there.fail.sh @@ -1,4 +1,5 @@ #!/bin/bash +# packages = rsyslog CONF_FILE="/etc/rsyslog.conf" sed -i "/^\*\.\*.*/d" "$CONF_FILE" diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/tests/remote_configured.pass.sh b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/tests/remote_configured.pass.sh index 8122a490f25..3c396b4e52a 100644 --- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/tests/remote_configured.pass.sh +++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/tests/remote_configured.pass.sh @@ -1,4 +1,5 @@ #!/bin/bash +# packages = rsyslog CONF_FILE="/etc/rsyslog.conf" LOGHOST_LINE="*.* @@192.168.122.1:5000" From e7110e97c808b82a8d6d91c9da42f6c5422747cf Mon Sep 17 00:00:00 2001 From: Matthew Burket Date: Mon, 11 Oct 2021 11:33:13 -0500 Subject: [PATCH 4/4] Fix regex on rsyslog_remote_loghost --- .../rsyslog_remote_loghost/oval/shared.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/oval/shared.xml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/oval/shared.xml index 7b5d4968886..0fdd24e18c2 100644 --- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/oval/shared.xml +++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/oval/shared.xml @@ -39,7 +39,7 @@ /etc/rsyslog.d - *.conf + ^.+\.conf$ ^\*\.\*[\s]+(?:@|\:omrelp\:) 1