scap-security-guide/scap-security-guide-0.1.64-warning_about_queues_for_rsyslog_remote_loghost-PR_9305.patch

93 lines
4.8 KiB
Diff
Raw Normal View History

From 245d4e04318bcac20f15e680cf1b33a35b94067a Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Mon, 8 Aug 2022 14:34:34 +0200
Subject: [PATCH 1/3] add warning to the rsyslog_remote_loghost rule about
configuring queues
---
.../rsyslog_remote_loghost/rule.yml | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
index 4ce56d2e6a5..c73d9ec95a6 100644
--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
@@ -90,3 +90,20 @@ fixtext: |-
*.* @@[remoteloggingserver]:[port]"
srg_requirement: 'The {{{ full_name }}} audit records must be off-loaded onto a different system or storage media from the system being audited.'
+
+warnings:
+ - functionality: |-
+ It is important to configure queues in case the client is sending log
+ messages to a remote server. If queues are not configured, there is a
+ danger that the system will stop functioning in case that the connection
+ to the remote server is not available. Please consult Rsyslog
+ documentation for more information about configuration of queues. The
+ example configuration which should go into <tt>/etc/rsyslog.conf</tt>
+ can look like the following lines:
+ <pre>
+ $ActionQueueType LinkedList
+ $ActionQueueFileName somenameforprefix
+ $ActionQueueMaxDiskSpace 1g
+ $ActionQueueSaveOnShutdown on
+ $ActionResumeRetryCount -1
+ </pre>
From 10fbd1665513284fbb82cf1af96b92774301f8e5 Mon Sep 17 00:00:00 2001
From: vojtapolasek <krecoun@gmail.com>
Date: Tue, 9 Aug 2022 09:41:00 +0200
Subject: [PATCH 2/3] Apply suggestions from code review
Co-authored-by: Watson Yuuma Sato <wsato@redhat.com>
---
.../rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
index c73d9ec95a6..706d3265a08 100644
--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
@@ -95,14 +95,14 @@ warnings:
- functionality: |-
It is important to configure queues in case the client is sending log
messages to a remote server. If queues are not configured, there is a
- danger that the system will stop functioning in case that the connection
+ the system will stop functioning when the connection
to the remote server is not available. Please consult Rsyslog
documentation for more information about configuration of queues. The
example configuration which should go into <tt>/etc/rsyslog.conf</tt>
can look like the following lines:
<pre>
$ActionQueueType LinkedList
- $ActionQueueFileName somenameforprefix
+ $ActionQueueFileName queuefilename
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
$ActionResumeRetryCount -1
From e2abf4f8a1bcc0dd02ad4af6f9575797abdd332e Mon Sep 17 00:00:00 2001
From: vojtapolasek <krecoun@gmail.com>
Date: Tue, 9 Aug 2022 10:55:04 +0200
Subject: [PATCH 3/3] Update
linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
Co-authored-by: Watson Yuuma Sato <wsato@redhat.com>
---
.../rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
index 706d3265a08..cce4d5cac1d 100644
--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
@@ -94,7 +94,7 @@ srg_requirement: 'The {{{ full_name }}} audit records must be off-loaded onto a
warnings:
- functionality: |-
It is important to configure queues in case the client is sending log
- messages to a remote server. If queues are not configured, there is a
+ messages to a remote server. If queues are not configured,
the system will stop functioning when the connection
to the remote server is not available. Please consult Rsyslog
documentation for more information about configuration of queues. The