diff --git a/scap-security-guide-0.1.67-firewalld_sshd_port_enabled_tests-PR_10162.patch b/scap-security-guide-0.1.67-firewalld_sshd_port_enabled_tests-PR_10162.patch
new file mode 100644
index 0000000..eb63127
--- /dev/null
+++ b/scap-security-guide-0.1.67-firewalld_sshd_port_enabled_tests-PR_10162.patch
@@ -0,0 +1,106 @@ +From a8cea205d5f9f975ca03ef39e79d18698236cfe2 Mon Sep 17 00:00:00 2001 +From: Watson Sato +Date: Mon, 13 Feb 2023 17:49:14 +0100 +Subject: [PATCH 3/5] Change custom zones check in firewalld_sshd_port_enabled + +Patch-name: scap-security-guide-0.1.67-firewalld_sshd_port_enabled_tests-PR_10162.patch +Patch-status: Change custom zones check in firewalld_sshd_port_enabled +--- + .../oval/shared.xml | 68 +++++++++++++++---- + 1 file changed, 54 insertions(+), 14 deletions(-) + +diff --git a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/oval/shared.xml b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/oval/shared.xml +index 4adef2e53f..d7c96665b4 100644 +--- a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/oval/shared.xml ++++ b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/oval/shared.xml +@@ -133,9 +133,10 @@ + OVAL resources in order to detect and assess only active zone, which are zones with at + least one NIC assigned to it. Since it was possible to easily have the list of active + zones, it was cumbersome to use that list in other OVAL objects without introduce a high +- level of complexity to make sure environments with multiple NICs and multiple zones are +- in use. So, in favor of simplicity and readbility it was decided to work with a static +- list. It means that, in the future, it is possible this list needs to be updated. --> ++ level of complexity to ensure proper assessment in environments where multiple NICs and ++ multiple zones are in use. So, in favor of simplicity and readbility it was decided to ++ work with a static list. It means that, in the future, it is possible this list needs to ++ be updated. 
--> + +@@ -145,23 +146,62 @@ + +- ++ +- +- +- ++ ++ ++ ++ ++ ++ var_firewalld_sshd_port_enabled_custom_zone_files_with_ssh_count ++ ++ ++ ++ ++ ++ ++ + + +- /etc/firewalld/zones +- ^.*\.xml$ +- /zone/service[@name='ssh'] ++ /etc/firewalld/zones ++ ^.*\.xml$ ++ /zone/service[@name='ssh'] + + +- +- /zone/service[@name='ssh'] +- ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ /etc/firewalld/zones ++ ^.*\.xml$ ++ + + + +- +- /etc/rsyslog.conf +- ^(?:include\([\n\s]*file="([^\s;]+)".*|\$IncludeConfig[\s]+([^\s;]+))$ +- 1 +- state_permissions_ignore_hidden_paths +- +- +- +- +- ^.*\/\..*$ +- +- +- +- +- +- +- +- +- +- +- +- +- +- var_rfp_include_config_regex +- +- +- +- ^/etc/rsyslog.conf$ +- +- +- +- var_rfp_syslog_config +- +- +- +- +- +- object_var_rfp_include_config_regex +- object_var_rfp_syslog_config +- +- +- +- +- +- +- +- +- +- +- +- +- ^[^(\s|#|\$)]+[\s]+.*[\s]+-?(/+[^:;\s]+);*\.*$ +- 1 +- state_permissions_ignore_include_paths +- +- +- +- +- (?:file="[^\s;]+"|\$IncludeConfig[\s]+[^\s;]+|\/dev\/.*) +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- regular +- false +- {{% if product in ["debian10", "debian11", "ubuntu1604", "ubuntu1804", "ubuntu2004", "ubuntu2204", "sle15", "sle12"] %}} +- true +- {{% else %}} +- false +- {{% endif %}} +- false +- false +- false +- false +- false +- +- +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/rule.yml +index 508ff73cde..042c35362d 100644 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/rule.yml ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/rule.yml +@@ -1,18 +1,24 @@ ++{{%- if product in ["debian10", "debian11", "ubuntu1604", "ubuntu1804", "ubuntu2004", "ubuntu2204", "sle15", "sle12"] %}} ++ {{%- set rsyslog_perm='640' %}} ++{{%- else %}} ++ {{%- set 
rsyslog_perm='600' %}} ++{{%- endif %}} ++ + documentation_complete: true + + title: 'Ensure System Log Files Have Correct Permissions' + + description: |- + The file permissions for all log files written by rsyslog should +- be set to 600, or more restrictive. These log files are determined by the ++ be set to {{{ rsyslog_perm }}}, or more restrictive. These log files are determined by the + second part of each Rule line in /etc/rsyslog.conf and typically + all appear in /var/log. For each log file LOGFILE + referenced in /etc/rsyslog.conf, run the following command to + inspect the file's permissions: +
$ ls -l LOGFILE
+- If the permissions are not 600 or more restrictive, run the following ++ If the permissions are not {{{ rsyslog_perm }}} or more restrictive, run the following + command to correct this: +-
$ sudo chmod 0600 LOGFILE
" ++
$ sudo chmod {{{ rsyslog_perm }}} LOGFILE
" + + rationale: |- + Log files can contain valuable information regarding system +@@ -46,9 +52,23 @@ ocil_clause: 'the permissions are not correct' + + ocil: |- + The file permissions for all log files written by rsyslog should +- be set to 600, or more restrictive. These log files are determined by the ++ be set to {{{ rsyslog_perm }}}, or more restrictive. These log files are determined by the + second part of each Rule line in /etc/rsyslog.conf and typically + all appear in /var/log. To see the permissions of a given log + file, run the following command: +
$ ls -l LOGFILE
+- The permissions should be 600, or more restrictive. ++ The permissions should be {{{ rsyslog_perm }}}, or more restrictive. ++ ++template: ++ name: rsyslog_logfiles_attributes_modify ++ vars: ++ attribute: permissions ++ value: '0600' ++ value@debian10: '0640' ++ value@debian11: '0640' ++ value@sle12: '0640' ++ value@sle15: '0640' ++ value@ubuntu1604: '0640' ++ value@ubuntu1804: '0640' ++ value@ubuntu2004: '0640' ++ value@ubuntu2204: '0640' +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_glob_perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_glob_perms_0600.pass.sh +deleted file mode 100755 +index c27e7874d9..0000000000 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_glob_perms_0600.pass.sh ++++ /dev/null +@@ -1,40 +0,0 @@ +-#!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle +- +-# Check rsyslog.conf with log file permissions 0600 from rules and +-# log file permissions 0600 from $IncludeConfig passes. 
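Review bot: The products that get 0640 are listed twice in this file with nothing tying the lists together: once as the `value@<product>` keys under `template.vars` in this hunk, and once in the Jinja condition that sets `rsyslog_perm` in the first hunk. If a product is added to one list and not the other, the description and OCIL text will state one mode while the generated check and remediation enforce another. A comment above `template:` such as `# keep the value@<product> overrides in sync with the rsyslog_perm product list at the top of this file` would make the coupling visible. Since 0640 makes the logs group-readable on those products, the rationale (which continues outside these hunks) could also say which group is expected to read them.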
+-# test $IncludeConfig with wildcard (*.conf) +- +-source $SHARED/rsyslog_log_utils.sh +- +-PERMS=0600 +- +-# setup test data +-create_rsyslog_test_logs 2 +- +-# setup test log files and permissions +-chmod $PERMS ${RSYSLOG_TEST_LOGS[0]} +-chmod $PERMS ${RSYSLOG_TEST_LOGS[1]} +- +-# create test configuration file +-test_conf=${RSYSLOG_TEST_DIR}/test1.conf +-cat << EOF > ${test_conf} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[1]} +-EOF +- +-# create rsyslog.conf configuration file +-cat << EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +- +-#### MODULES #### +- +-\$IncludeConfig ${RSYSLOG_TEST_DIR}/*.conf +-EOF +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_glob_perms_0601.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_glob_perms_0601.fail.sh +deleted file mode 100755 +index 124b5e863e..0000000000 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_glob_perms_0601.fail.sh ++++ /dev/null +@@ -1,41 +0,0 @@ +-#!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol +- +-# Check rsyslog.conf with log file permissions 0600 from rules and +-# log file permissions 0601 from $IncludeConfig fails. 
+-# test $IncludeConfig with wildcard (*.conf) +- +-source $SHARED/rsyslog_log_utils.sh +- +-PERMS_PASS=0600 +-PERMS_FAIL=0601 +- +-# setup test data +-create_rsyslog_test_logs 2 +- +-# setup test log files and permissions +-chmod $PERMS_PASS ${RSYSLOG_TEST_LOGS[0]} +-chmod $PERMS_FAIL ${RSYSLOG_TEST_LOGS[1]} +- +-# create test configuration file +-test_conf=${RSYSLOG_TEST_DIR}/test1.conf +-cat << EOF > ${test_conf} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[1]} +-EOF +- +-# create rsyslog.conf configuration file +-cat << EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +- +-#### MODULES #### +- +-\$IncludeConfig ${RSYSLOG_TEST_DIR}/*.conf +-EOF +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0600.pass.sh +deleted file mode 100755 +index a6ff6a1109..0000000000 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0600.pass.sh ++++ /dev/null +@@ -1,39 +0,0 @@ +-#!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle +- +-# Check rsyslog.conf with log file permissions 0600 from rules and +-# log file permissions 0600 from $IncludeConfig passes. 
+- +-source $SHARED/rsyslog_log_utils.sh +- +-PERMS=0600 +- +-# setup test data +-create_rsyslog_test_logs 2 +- +-# setup test log files and permissions +-chmod $PERMS ${RSYSLOG_TEST_LOGS[0]} +-chmod $PERMS ${RSYSLOG_TEST_LOGS[1]} +- +-# create test configuration file +-test_conf=${RSYSLOG_TEST_DIR}/test1.conf +-cat << EOF > ${test_conf} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[1]} +-EOF +- +-# create rsyslog.conf configuration file +-cat << EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +- +-#### MODULES #### +- +-\$IncludeConfig ${test_conf} +-EOF +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0601.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0601.fail.sh +deleted file mode 100755 +index 2ae5c89a4e..0000000000 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0601.fail.sh ++++ /dev/null +@@ -1,40 +0,0 @@ +-#!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol +- +-# Check rsyslog.conf with log file permissions 0600 from rules and +-# log file permissions 0601 from $IncludeConfig fails. 
+- +-source $SHARED/rsyslog_log_utils.sh +- +-PERMS_PASS=0600 +-PERMS_FAIL=0601 +- +-# setup test data +-create_rsyslog_test_logs 2 +- +-# setup test log files and permissions +-chmod $PERMS_PASS ${RSYSLOG_TEST_LOGS[0]} +-chmod $PERMS_FAIL ${RSYSLOG_TEST_LOGS[1]} +- +-# create test configuration file +-test_conf=${RSYSLOG_TEST_DIR}/test1.conf +-cat << EOF > ${test_conf} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[1]} +-EOF +- +-# create rsyslog.conf configuration file +-cat << EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +- +-#### MODULES #### +- +-\$IncludeConfig ${test_conf} +-EOF +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_config_syntax_perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_config_syntax_perms_0600.pass.sh +deleted file mode 100755 +index a5a2f67fad..0000000000 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_config_syntax_perms_0600.pass.sh ++++ /dev/null +@@ -1,85 +0,0 @@ +-#!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle +- +-# Check rsyslog.conf with log file permissions 0600 from rules and +-# log file permissions 0600 from $IncludeConfig passes. 
+- +-source $SHARED/rsyslog_log_utils.sh +- +-PERMS=0600 +- +-# setup test data +-create_rsyslog_test_logs 5 +- +-# setup test log files and permissions +-chmod $PERMS ${RSYSLOG_TEST_LOGS[0]} +-chmod $PERMS ${RSYSLOG_TEST_LOGS[1]} +-chmod $PERMS ${RSYSLOG_TEST_LOGS[2]} +-chmod $PERMS ${RSYSLOG_TEST_LOGS[3]} +-chmod $PERMS ${RSYSLOG_TEST_LOGS[4]} +- +-# create test configuration files +-conf_subdir=${RSYSLOG_TEST_DIR}/subdir +-conf_hiddir=${RSYSLOG_TEST_DIR}/.hiddir +-mkdir ${conf_subdir} +-mkdir ${conf_hiddir} +- +-test_conf_in_subdir=${conf_subdir}/in_subdir.conf +-test_conf_name_bak=${RSYSLOG_TEST_DIR}/name.bak +- +-test_conf_in_hiddir=${conf_hiddir}/in_hiddir.conf +-test_conf_dot_name=${RSYSLOG_TEST_DIR}/.name.conf +- +-cat << EOF > ${test_conf_in_subdir} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[1]} +-EOF +- +-cat << EOF > ${test_conf_name_bak} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[2]} +-EOF +- +-cat << EOF > ${test_conf_in_hiddir} +-# rsyslog configuration file +-# not used +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[3]} +-EOF +- +-cat << EOF > ${test_conf_dot_name} +-# rsyslog configuration file +-# not used +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[4]} +-EOF +- +-# create rsyslog.conf configuration file +-cat << EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +- +-#### MODULES #### +- +-include(file="${RSYSLOG_TEST_DIR}/*/*.conf" mode="optional") +-include(file="${RSYSLOG_TEST_DIR}/*.conf" mode="optional") +-include(file="${RSYSLOG_TEST_DIR}" mode="optional") +- +-\$IncludeConfig ${RSYSLOG_TEST_DIR}/*/*.conf +-\$IncludeConfig ${RSYSLOG_TEST_DIR}/*.conf +-\$IncludeConfig ${RSYSLOG_TEST_DIR} +- +-EOF +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_config_syntax_perms_0601.fail.sh 
b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_config_syntax_perms_0601.fail.sh +deleted file mode 100755 +index fe4db0a3c9..0000000000 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_config_syntax_perms_0601.fail.sh ++++ /dev/null +@@ -1,86 +0,0 @@ +-#!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle +- +-# Check rsyslog.conf with log file permissions 0600 from rules and +-# log file permissions 0601 from $IncludeConfig fails. +- +-source $SHARED/rsyslog_log_utils.sh +- +-PERMS_PASS=0600 +-PERMS_FAIL=0601 +- +-# setup test data +-create_rsyslog_test_logs 5 +- +-# setup test log files and permissions +-chmod $PERMS_PASS ${RSYSLOG_TEST_LOGS[0]} +-chmod $PERMS_FAIL ${RSYSLOG_TEST_LOGS[1]} +-chmod $PERMS_FAIL ${RSYSLOG_TEST_LOGS[2]} +-chmod $PERMS_FAIL ${RSYSLOG_TEST_LOGS[3]} +-chmod $PERMS_FAIL ${RSYSLOG_TEST_LOGS[4]} +- +-# create test configuration files +-conf_subdir=${RSYSLOG_TEST_DIR}/subdir +-conf_hiddir=${RSYSLOG_TEST_DIR}/.hiddir +-mkdir ${conf_subdir} +-mkdir ${conf_hiddir} +- +-test_conf_in_subdir=${conf_subdir}/in_subdir.conf +-test_conf_name_bak=${RSYSLOG_TEST_DIR}/name.bak +- +-test_conf_in_hiddir=${conf_hiddir}/in_hiddir.conf +-test_conf_dot_name=${RSYSLOG_TEST_DIR}/.name.conf +- +-cat << EOF > ${test_conf_in_subdir} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[1]} +-EOF +- +-cat << EOF > ${test_conf_name_bak} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[2]} +-EOF +- +-cat << EOF > ${test_conf_in_hiddir} +-# rsyslog configuration file +-# not used +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[3]} +-EOF +- +-cat << EOF > ${test_conf_dot_name} +-# rsyslog configuration file +-# not used +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[4]} +-EOF +- +-# create rsyslog.conf configuration file +-cat << 
EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +- +-#### MODULES #### +- +-include(file="${RSYSLOG_TEST_DIR}/*/*.conf" mode="optional") +-include(file="${RSYSLOG_TEST_DIR}/*.conf" mode="optional") +-include(file="${RSYSLOG_TEST_DIR}" mode="optional") +- +-\$IncludeConfig ${RSYSLOG_TEST_DIR}/*/*.conf +-\$IncludeConfig ${RSYSLOG_TEST_DIR}/*.conf +-\$IncludeConfig ${RSYSLOG_TEST_DIR} +- +-EOF +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_multiline_perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_multiline_perms_0600.pass.sh +deleted file mode 100755 +index eabcb21956..0000000000 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_multiline_perms_0600.pass.sh ++++ /dev/null +@@ -1,41 +0,0 @@ +-#!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle +- +-# Check rsyslog.conf with log file permissions 0600 from rules and +-# log file permissions 0600 from multiline include() passes. 
+- +-source $SHARED/rsyslog_log_utils.sh +- +-PERMS=0600 +- +-# setup test data +-create_rsyslog_test_logs 2 +- +-# setup test log files and permissions +-chmod $PERMS ${RSYSLOG_TEST_LOGS[0]} +-chmod $PERMS ${RSYSLOG_TEST_LOGS[1]} +- +-# create test configuration file +-test_conf=${RSYSLOG_TEST_DIR}/test1.conf +-cat << EOF > ${test_conf} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[1]} +-EOF +- +-# create rsyslog.conf configuration file +-cat << EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +- +-#### MODULES #### +- +-include( +- file="${test_conf}" +-) +-EOF +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600.pass.sh +deleted file mode 100755 +index 32cd4c334a..0000000000 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600.pass.sh ++++ /dev/null +@@ -1,39 +0,0 @@ +-#!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle +- +-# Check rsyslog.conf with log file permissions 0600 from rules and +-# log file permissions 0600 from include() passes. 
+- +-source $SHARED/rsyslog_log_utils.sh +- +-PERMS=0600 +- +-# setup test data +-create_rsyslog_test_logs 2 +- +-# setup test log files and permissions +-chmod $PERMS ${RSYSLOG_TEST_LOGS[0]} +-chmod $PERMS ${RSYSLOG_TEST_LOGS[1]} +- +-# create test configuration file +-test_conf=${RSYSLOG_TEST_DIR}/test1.conf +-cat << EOF > ${test_conf} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[1]} +-EOF +- +-# create rsyslog.conf configuration file +-cat << EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +- +-#### MODULES #### +- +-include(file="${test_conf}") +-EOF +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0600.pass.sh +deleted file mode 100755 +index 357d4f9718..0000000000 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0600.pass.sh ++++ /dev/null +@@ -1,52 +0,0 @@ +-#!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8 +- +-# Check rsyslog.conf with log file permisssions 0600 from rules and +-# log file permissions 0600 from include() passes. 
+- +-source $SHARED/rsyslog_log_utils.sh +- +-PERMS_PASS=0600 +- +-# setup test data +-create_rsyslog_test_logs 3 +- +-# setup test log files and permissions +-chmod $PERMS_PASS ${RSYSLOG_TEST_LOGS[0]} +-chmod $PERMS_PASS ${RSYSLOG_TEST_LOGS[1]} +-chmod $PERMS_PASS ${RSYSLOG_TEST_LOGS[2]} +- +-# create test configuration file +-test_conf=${RSYSLOG_TEST_DIR}/test1.conf +-cat << EOF > ${test_conf} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[1]} +-EOF +- +-# create test2 configuration file +-test_conf2=${RSYSLOG_TEST_DIR}/test2.conf +-cat << EOF > ${test_conf2} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[2]} +-EOF +- +-# create rsyslog.conf configuration file +-cat << EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +- +-#### MODULES #### +- +-include(file="${test_conf}") +- +-\$IncludeConfig ${test_conf2} +-EOF +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601.fail.sh +deleted file mode 100755 +index 7bdb830c00..0000000000 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601.fail.sh ++++ /dev/null +@@ -1,53 +0,0 @@ +-#!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8 +- +-# Check rsyslog.conf with log file permisssions 0600 from rules and +-# log file permissions 0601 from include() fails. 
+- +-source $SHARED/rsyslog_log_utils.sh +- +-PERMS_PASS=0600 +-PERMS_FAIL=0601 +- +-# setup test data +-create_rsyslog_test_logs 3 +- +-# setup test log files and permissions +-chmod $PERMS_PASS ${RSYSLOG_TEST_LOGS[0]} +-chmod $PERMS_PASS ${RSYSLOG_TEST_LOGS[1]} +-chmod $PERMS_FAIL ${RSYSLOG_TEST_LOGS[2]} +- +-# create test configuration file +-test_conf=${RSYSLOG_TEST_DIR}/test1.conf +-cat << EOF > ${test_conf} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[1]} +-EOF +- +-# create test2 configuration file +-test_conf2=${RSYSLOG_TEST_DIR}/test2.conf +-cat << EOF > ${test_conf2} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[2]} +-EOF +- +-# create rsyslog.conf configuration file +-cat << EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +- +-#### MODULES #### +- +-include(file="${test_conf}") +- +-\$IncludeConfig ${test_conf2} +-EOF +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601_hidden.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601_hidden.pass.sh +deleted file mode 100644 +index 9b0185c6b2..0000000000 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601_hidden.pass.sh ++++ /dev/null +@@ -1,53 +0,0 @@ +-#!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8 +- +-# Check rsyslog.conf with log file permisssions 0600 from rules and +-# log file permissions 0601 from include() fails. 
+- +-source $SHARED/rsyslog_log_utils.sh +- +-PERMS_PASS=0600 +-PERMS_FAIL=0601 +- +-# setup test data +-create_rsyslog_test_logs 3 +- +-# setup test log files and permissions +-chmod $PERMS_PASS ${RSYSLOG_TEST_LOGS[0]} +-chmod $PERMS_PASS ${RSYSLOG_TEST_LOGS[1]} +-chmod $PERMS_FAIL ${RSYSLOG_TEST_LOGS[2]} +- +-# create test configuration file +-test_conf=${RSYSLOG_TEST_DIR}/test1.conf +-cat << EOF > ${test_conf} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[1]} +-EOF +- +-# create hidden test2 configuration file +-test_conf2=${RSYSLOG_TEST_DIR}/.test2.conf +-cat << EOF > ${test_conf2} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[2]} +-EOF +- +-# create rsyslog.conf configuration file +-cat << EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +- +-#### MODULES #### +- +-include(file="${test_conf}") +- +-\$IncludeConfig ${test_conf2} +-EOF +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601_missing.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601_missing.pass.sh +deleted file mode 100644 +index b929f2a94a..0000000000 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601_missing.pass.sh ++++ /dev/null +@@ -1,45 +0,0 @@ +-#!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8 +- +-# Check rsyslog.conf with log file permisssions 0600 from rules and +-# log file permissions 0601 from include() fails. 
+- +-source $SHARED/rsyslog_log_utils.sh +- +-PERMS_PASS=0600 +-PERMS_FAIL=0601 +- +-# setup test data +-create_rsyslog_test_logs 3 +- +-# setup test log files and permissions +-chmod $PERMS_PASS ${RSYSLOG_TEST_LOGS[0]} +-chmod $PERMS_PASS ${RSYSLOG_TEST_LOGS[1]} +-chmod $PERMS_FAIL ${RSYSLOG_TEST_LOGS[2]} +- +-# create test configuration file +-test_conf=${RSYSLOG_TEST_DIR}/test1.conf +-cat << EOF > ${test_conf} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[1]} +-EOF +- +-# Skip creation test2 configuration file +- +-# create rsyslog.conf configuration file +-cat << EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +- +-#### MODULES #### +- +-include(file="${test_conf}") +- +-\$IncludeConfig ${test_conf2} +-EOF +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_cloudinit.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_cloudinit.pass.sh +deleted file mode 100644 +index 2eb515a43e..0000000000 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_cloudinit.pass.sh ++++ /dev/null +@@ -1,23 +0,0 @@ +-#!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle +- +-source $SHARED/rsyslog_log_utils.sh +- +-PERMS=0600 +- +-# setup test data +-create_rsyslog_test_logs 2 +- +-# setup test log files and permissions +-chmod $PERMS ${RSYSLOG_TEST_LOGS[@]} +- +-# create rsyslog.conf configuration file +-cat << EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +-:syslogtag, isequal, "[CLOUDINIT]" ${RSYSLOG_TEST_LOGS[1]} +-EOF +- +diff --git 
a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0601.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0601.fail.sh +deleted file mode 100755 +index fd3f9e92ec..0000000000 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0601.fail.sh ++++ /dev/null +@@ -1,41 +0,0 @@ +-#!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8 +- +-# Check rsyslog.conf with log file permissions 0600 from rules and +-# log file permissions 0601 from include() fails. +- +-source $SHARED/rsyslog_log_utils.sh +- +-PERMS_FAIL=0601 +- +-PERMS_PASS=0600 +- +-# setup test data +-create_rsyslog_test_logs 2 +- +-# setup test log files and permissions +-chmod $PERMS_PASS ${RSYSLOG_TEST_LOGS[0]} +-chmod $PERMS_FAIL ${RSYSLOG_TEST_LOGS[1]} +- +-# create test configuration file +-test_conf=${RSYSLOG_TEST_DIR}/test1.conf +-cat << EOF > ${test_conf} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[1]} +-EOF +- +-# create rsyslog.conf configuration file +-cat << EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +- +-#### MODULES #### +- +-include(file="${test_conf}") +-EOF +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0601_cloudinit.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0601_cloudinit.fail.sh +deleted file mode 100644 +index 7a598626d0..0000000000 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0601_cloudinit.fail.sh ++++ /dev/null +@@ -1,22 +0,0 @@ +-#!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle 
Linux 8,multi_platform_sle
+-
+-source $SHARED/rsyslog_log_utils.sh
+-
+-# setup test data
+-create_rsyslog_test_logs 2
+-
+-# setup test log files and permissions
+-chmod 0600 ${RSYSLOG_TEST_LOGS[0]}
+-chmod 0601 ${RSYSLOG_TEST_LOGS[1]}
+-
+-# create rsyslog.conf configuration file
+-cat << EOF > $RSYSLOG_CONF
+-# rsyslog configuration file
+-
+-#### RULES ####
+-
+-*.* ${RSYSLOG_TEST_LOGS[0]}
+-:syslogtag, isequal, "[CLOUDINIT]" ${RSYSLOG_TEST_LOGS[1]}
+-EOF
+-
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/mixed_correct_attr_group_read.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/mixed_correct_attr_group_read.pass.sh
+new file mode 100755
+index 0000000000..b3846fec47
+--- /dev/null
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/mixed_correct_attr_group_read.pass.sh
+@@ -0,0 +1,25 @@
++#!/bin/bash
++# platform = multi_platform_sle,multi_platform_ubuntu
++
++# Declare variables used for the tests and define the create_rsyslog_test_logs function
++source $SHARED/rsyslog_log_utils.sh
++
++CHATTR="chmod"
++ATTR_VALUE="0640"
++
++# create three test log file
++create_rsyslog_test_logs 2
++
++# setup test log file property
++$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]}
++$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[1]}
++
++# add rules with both syntax for different test log files
++cat << EOF > $RSYSLOG_CONF
++# rsyslog configuration file
++
++#### RULES ####
++*.* ${RSYSLOG_TEST_LOGS[0]}
++*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[1]}")
++
++EOF
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/mixed_correct_attr_stricter.pass.sh
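Review bot: The platform line `# platform = multi_platform_sle,multi_platform_ubuntu` leaves out Debian, although rule.yml in this same commit sets 0640 for debian10 and debian11 as well, so the group-readable case is not exercised on those products by this scenario. The comment `# create three test log file` also disagrees with `create_rsyslog_test_logs 2` on the line below it; `# create two test log files` would match. The same stale comment appears in mixed_correct_attr_stricter.pass.sh.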
b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/mixed_correct_attr_stricter.pass.sh
+new file mode 100755
+index 0000000000..0b4cb5dce0
+--- /dev/null
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/mixed_correct_attr_stricter.pass.sh
+@@ -0,0 +1,25 @@
++#!/bin/bash
++# platform = multi_platform_all
++
++# Declare variables used for the tests and define the create_rsyslog_test_logs function
++source $SHARED/rsyslog_log_utils.sh
++
++CHATTR="chmod"
++ATTR_VALUE="0400"
++
++# create three test log file
++create_rsyslog_test_logs 2
++
++# setup test log file property
++$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]}
++$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[1]}
++
++# add rules with both syntax for different test log files
++cat << EOF > $RSYSLOG_CONF
++# rsyslog configuration file
++
++#### RULES ####
++*.* ${RSYSLOG_TEST_LOGS[0]}
++*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[1]}")
++
++EOF
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0600.pass.sh
+deleted file mode 100755
+index fbdcd18f77..0000000000
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0600.pass.sh
++++ /dev/null
+@@ -1,35 +0,0 @@
+-#!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+-
+-# Check if log file with permissions 0600 in rsyslog.conf passes.
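Review bot: No failing scenario accompanies this file or mixed_correct_attr_group_read.pass.sh, while every `.fail.sh` visible under this rule's tests directory is deleted by the commit. From what this page shows, nothing then demonstrates that the check rejects a too-permissive log file. Unless the rsyslog_logfiles_attributes_modify template supplies its own fail scenarios (not visible here), add a counterpart with a looser mode, for example a `.fail.sh` copy of this script with `ATTR_VALUE="0644"`. The `action()` line also keeps `FileCreateMode="0640"` on a `multi_platform_all` scenario; a comment such as `# only the on-disk mode set by chmod above is evaluated` would explain why that still passes where 0600 is required.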
+- +-source $SHARED/rsyslog_log_utils.sh +- +-PERMS=0600 +- +-# setup test data +-create_rsyslog_test_logs 4 +- +-# setup all files with incorrect permission +-chmod 0601 "${RSYSLOG_TEST_LOGS[@]}" +- +-# setup the real logfile with correct permissions +-chmod $PERMS "${RSYSLOG_TEST_LOGS[0]}" +- +-# add rule with 0600 permissions log file +-cat << EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +- +- *.* ${RSYSLOG_TEST_LOGS[1]} +- +-authpriv.* /nonexistent_file +- +-# *.* /irrelevant_file +- +-\$something /irrelevant_file +- +-EOF +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0601.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0601.fail.sh +deleted file mode 100755 +index 75e9558c63..0000000000 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0601.fail.sh ++++ /dev/null +@@ -1,34 +0,0 @@ +-#!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle +- +-# Check if log file with permissions 0601 in rsyslog.conf fails. 
+- +-source $SHARED/rsyslog_log_utils.sh +- +-PERMS=0601 +- +-# setup test data +-create_rsyslog_test_logs 3 +- +-# setup test log file and permissions +-chmod $PERMS ${RSYSLOG_TEST_LOGS[0]} +- +-# add rule with 0601 permissions log file +-cat << EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +- +-cron.* /nonexistent_file +- +- authpriv.* /irrelevant_file +- +-# *.* /irrelevant_file +- +-\$something /irrelevant_file +- +-something.* ${RSYSLOG_TEST_LOGS[2]} +- +-EOF +diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/ansible.template b/shared/templates/rsyslog_logfiles_attributes_modify/ansible.template +index fc9e8844b6..81d6220415 100644 +--- a/shared/templates/rsyslog_logfiles_attributes_modify/ansible.template ++++ b/shared/templates/rsyslog_logfiles_attributes_modify/ansible.template +@@ -20,7 +20,7 @@ + - name: '{{{ rule_title }}} - Get include files directives' + ansible.builtin.shell: | + set -o pipefail +- grep -oP '^\s*include\s*\(\s*file.*' {{ rsyslog_etc_config }} |cut -d"\"" -f 2 || true ++ awk '/)/{f=0} /include\(/{f=1} f{nf=gensub("^(include\\(|\\s*)file=\"(\\S+)\".*","\\2",1); if($0!=nf){print nf}}' {{ rsyslog_etc_config }} || true + register: rsyslog_new_inc + changed_when: False + +@@ -61,8 +61,9 @@ + - name: '{{{ rule_title }}} -Setup log files attribute' + ansible.builtin.file: + path: "{{ item }}" +- owner: '{{ ( "{{{ ATTRIBUTE }}}" is match("owner")) | ternary({{{ VALUE }}}, omit) }}' +- group: '{{ ( "{{{ ATTRIBUTE }}}" is match("groupowner")) | ternary({{{ VALUE }}} , omit) }}' ++ {{{ 'owner: ' ~ VALUE if ATTRIBUTE == "owner" }}} ++ {{{- 'group: ' ~ VALUE if ATTRIBUTE == "groupowner" }}} ++ {{{- 'mode: ' ~ VALUE if ATTRIBUTE == "permissions" }}} + state: file + loop: "{{ log_files | list | flatten | unique }}" + failed_when: false +diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/bash.template 
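Review bot: `gensub()` in the new `awk` command of the 'Get include files directives' task is a gawk extension, and the trailing `|| true` hides the failure when `awk` resolves to another implementation such as mawk. In that case `rsyslog_new_inc` would be registered empty, so included configuration files would presumably not be scanned and their log files would stay unremediated without any task error. I would either call `gawk` explicitly and drop `|| true`, or keep the extraction portable with `sub()`/`match()`. A comment above the command explaining the `f` flag (set on `include(`, cleared on `)`) would also help, since that flag is what handles multi-line `include()` blocks. How `rsyslog_new_inc` is consumed lies outside this hunk.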
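Review bot: The new `mode:` line in the 'Setup log files attribute' task writes exactly `VALUE` to every path in `log_files`, so a file that is already stricter than required would be loosened to `VALUE` when the remediation runs; the added mixed_correct_attr_stricter.pass.sh test treats 0400 as compliant, which suggests the check is meant as an upper bound. The bash template's `$FILE_CMD "{{{ VALUE }}}" "$LOG_FILE_PATH"` has the same effect through `chmod`. If the intent is "no more permissive than VALUE", the remediation should only clear the disallowed bits or skip files that already pass, and at minimum a comment should state that the mode is overwritten. With `failed_when: false` still on the task, a failed mode change is also not reported.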
b/shared/templates/rsyslog_logfiles_attributes_modify/bash.template +index ab4a563dc5..d6755d5692 100644 +--- a/shared/templates/rsyslog_logfiles_attributes_modify/bash.template ++++ b/shared/templates/rsyslog_logfiles_attributes_modify/bash.template +@@ -48,7 +48,8 @@ do + # * Strip quotes and closing brackets from paths. + # * Ignore paths that match /dev|/etc.*\.conf, as those are paths, but likely not log files + # * From the remaining valid rows select only fields constituting a log file path +- # Text file column is understood to represent a log file path if and only if all of the following are met: ++ # Text file column is understood to represent a log file path if and only if all of the ++ # following are met: + # * it contains at least one slash '/' character, + # * it is preceded by space + # * it doesn't contain space (' '), colon (':'), and semicolon (';') characters +@@ -60,8 +61,8 @@ do + FILTERED_PATHS=$(awk '{if(NF>=2&&($NF~/^\//||$NF~/^-\//)){sub(/^-\//,"/",$NF);print $NF}}' <<< "${LINES_WITH_PATHS}") + CLEANED_PATHS=$(sed -e "s/[\"')]//g; /\\/etc.*\.conf/d; /\\/dev\\//d" <<< "${FILTERED_PATHS}") + MATCHED_ITEMS=$(sed -e "/^$/d" <<< "${CLEANED_PATHS}") +- # Since above sed command might return more than one item (delimited by newline), split the particular +- # matches entries into new array specific for this log file ++ # Since above sed command might return more than one item (delimited by newline), split ++ # the particular matches entries into new array specific for this log file + readarray -t ARRAY_FOR_LOG_FILE <<< "$MATCHED_ITEMS" + # Concatenate the two arrays - previous content of $LOG_FILE_PATHS array with + # items from newly created array for this log file +@@ -71,7 +72,8 @@ do + fi + done + +-# Check for RainerScript action log format which might be also multiline so grep regex is a bit curly ++# Check for RainerScript action log format which might be also multiline so grep regex is a bit ++# curly: + # extract possibly multiline 
action omfile expressions + # extract File="logfile" expression + # match only "logfile" expression +@@ -82,22 +84,10 @@ do + LOG_FILE_PATHS+=("$(echo "${OMFILE_LINES}"| grep -oE "\"([/[:alnum:][:punct:]]*)\""|tr -d "\"")") + done + +-FILE_PARAM="{{{ ATTRIBUTE }}}" +-FILE_CMD="" +-case "$FILE_PARAM" in +- "groupowner") +- FILE_CMD=$(which chgrp) +- ;; +- "owner") +- FILE_CMD=$(which chown) +- ;; +- *) +- echo -n "Not supported file attribute! " +- exit 1 +- ;; +-esac +- +-# Correct the form o ++# Ensure the correct attribute if file exists ++{{{ 'FILE_CMD="chown"' if ATTRIBUTE == "owner" }}} ++{{{- 'FILE_CMD="chgrp"' if ATTRIBUTE == "groupowner" }}} ++{{{- 'FILE_CMD="chmod"' if ATTRIBUTE == "permissions" }}} + for LOG_FILE_PATH in "${LOG_FILE_PATHS[@]}" + do + # Sanity check - if particular $LOG_FILE_PATH is empty string, skip it from further processing +@@ -105,6 +95,5 @@ do + then + continue + fi +- +- $FILE_CMD "+{{{ VALUE }}}" "$LOG_FILE_PATH" ++ $FILE_CMD "{{{ VALUE }}}" "$LOG_FILE_PATH" + done +diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/oval.template b/shared/templates/rsyslog_logfiles_attributes_modify/oval.template +index 4f288df1c9..243d678852 100644 +--- a/shared/templates/rsyslog_logfiles_attributes_modify/oval.template ++++ b/shared/templates/rsyslog_logfiles_attributes_modify/oval.template +@@ -3,59 +3,57 @@ + {{{ oval_metadata("All syslog log files should have appropriate ownership.") }}} + + {{% if product in ["debian10", "debian11", "ubuntu1604"] %}} +- ++ + {{% endif %}} +- ++ + +- + + +- +- +- ++ ++ + /etc/rsyslog.conf + ^(?:include\([\n\s]*file="([^\s;]+)".*|\$IncludeConfig[\s]+([^\s;]+))$ ++ operation="pattern match">^(?:include\([\n\s]*file="([^\s;]+)".*|\$IncludeConfig[\s]+([^\s;]+))$ + 1 + + + + ++ comment="rsyslog's include config values converted to regex."> + + + ++ object_ref="object_{{{ _RULE_ID }}}_include_config_value"/> + + + + +- +- ++ ++ + var_{{{ _RULE_ID }}}_include_config_regex + + +- ++ + 
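Review bot: With the `case` block removed, nothing sets `FILE_CMD` when `ATTRIBUTE` is not one of `owner`, `groupowner` or `permissions`, because each of the three inline Jinja `if` expressions has no `else` and renders empty. The loop's `$FILE_CMD "{{{ VALUE }}}" "$LOG_FILE_PATH"` would then run the rendered value itself as the command name, where the old code printed "Not supported file attribute!" and exited 1. I would keep a guard before the loop, for example `[ -n "${FILE_CMD:-}" ] || { echo "Not supported file attribute!"; exit 1; }`, or fail the render in an `else` branch. The following hunk also drops the `+` prefix that made `chown`/`chgrp` treat the value as a numeric ID; removing it is needed for `chmod`, but the change for the other two deserves a comment. The `for` loop body continues outside this hunk.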
^/etc/rsyslog.conf$ + + +- ++ + var_{{{ _RULE_ID }}}_syslog_config + + +- +- ++ ++ + + object_var_{{{ _RULE_ID }}}_include_config_regex + object_var_{{{ _RULE_ID }}}_syslog_config +@@ -64,74 +62,72 @@ + + +- +- ++ ++ + + +- +- +- +- +- ^\s*[^(\s|#|\$)]+\s+-?[\w\(="\s]*(\/[^:;\s"]+)+.*$ ++ ++ ++ ++ ++ ^\s*[^(\s|#|\$)]+\s+.*\s+-?[\w\(="\s]*(\/[^:;\s"]+)+.*$ + 1 +- state_{{{ _RULE_ID }}}_ownership_ignore_include_paths ++ state_{{{ _RULE_ID }}}_ignore_include_paths + + +- +- ++ ++ + (?:file="[^\s;]+"|\$IncludeConfig[\s]+[^\s;]+|\/dev\/.*) + + + ++ retrieved from the different rsyslog configuration files. --> + +- ++ comment="File paths of all rsyslog log files"> ++ + + +- +- +- ++ ++ ++ + + + +- +- ++ ++ + + + + regular + {{% if ATTRIBUTE == "groupowner" %}} + {{{ VALUE }}} +- {{% else %}} ++ {{% elif ATTRIBUTE == "owner" %}} + {{{ VALUE }}} ++ {{% else %}} ++ {{{ STATEMODE | indent(4) }}} + {{% endif %}} + +- + +diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/template.py b/shared/templates/rsyslog_logfiles_attributes_modify/template.py +new file mode 100644 +index 0000000000..9ea31c9a6b +--- /dev/null ++++ b/shared/templates/rsyslog_logfiles_attributes_modify/template.py +@@ -0,0 +1,18 @@ ++def preprocess(data, lang): ++ if lang == "oval" and data["attribute"] == 'permissions': ++ # create STATEMODE used in the OVAL template by processing the octal permission and ++ # creating the equivalent permission fields of "unix:file_state" element. 
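Review bot: The rewritten path-extraction pattern `^\s*[^(\s|#|\$)]+\s+.*\s+-?[\w\(="\s]*(\/[^:;\s"]+)+.*$` now needs two separate whitespace runs between the selector and the path, so, as rendered here, a legacy rule with a single separator such as `*.* /var/log/messages` would not match. A log file that is not extracted is never evaluated, which lets the check pass while that file has the wrong owner or mode. If the extra `.*\s+` was added for the `action(... File="...")` form, making it optional with `\s+(?:.*\s+)?` keeps both forms covered, and a test with a single-space legacy rule would pin this down. The markup around the pattern is not fully visible on this page, so this should be confirmed against the real file.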
++ mode = data["value"] ++ fields = [ ++ 'oexec', 'owrite', 'oread', 'gexec', 'gwrite', 'gread', ++ 'uexec', 'uwrite', 'uread', 'sticky', 'sgid', 'suid'] ++ mode_int = int(mode, 8) ++ mode_str = "" ++ for field in fields: ++ if mode_int & 0x01 == 0: ++ mode_str = ( ++ "false\n{mode_str}".format( ++ field=field, mode_str=mode_str)) ++ mode_int = mode_int >> 1 ++ data["statemode"] = mode_str.rstrip("\n") ++ return data +diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/IncludeConfig_is_other.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/IncludeConfig_is_other.fail.sh +deleted file mode 100755 +index db7e5261eb..0000000000 +--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/IncludeConfig_is_other.fail.sh ++++ /dev/null +@@ -1,50 +0,0 @@ +-#!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle +- +-# Check rsyslog.conf with root user log from rules and +-# non root user log from $IncludeConfig fails. 
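Review bot: `preprocess` passes `data["value"]` straight to `int(mode, 8)` without checking it, so a non-string value raises `TypeError`, a malformed string raises a `ValueError` that does not name the rule, and anything above `0o7777` is silently cut down to the twelve entries in `fields`. Since the result decides which permission bits the OVAL check forbids, I would validate first, for example `if not isinstance(mode, str) or not 0 <= int(mode, 8) <= 0o7777: raise ValueError("invalid permissions value: %r" % (mode,))`. The function also needs a docstring stating that a `false` entry is emitted only for bits that are clear in the mode, so set bits are left unconstrained and stricter file modes still pass. Writing the bit test as `(mode_int & 0x01) == 0` would make the precedence explicit for readers coming from C.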
+- +-source $SHARED/rsyslog_log_utils.sh +- +-{{% if ATTRIBUTE == "owner" %}} +-ADDCOMMAND="useradd" +-CHATTR="chown" +-{{% else %}} +-ADDCOMMAND="groupadd" +-CHATTR="chgrp" +-{{% endif %}} +- +-USER_TEST=testssg +-$ADDCOMMAND $USER_TEST +- +-USER_ROOT=root +- +-# setup test data +-create_rsyslog_test_logs 2 +- +-# setup test log files ownership +-$CHATTR $USER_ROOT ${RSYSLOG_TEST_LOGS[0]} +-$CHATTR $USER_TEST ${RSYSLOG_TEST_LOGS[1]} +- +-# create test configuration file +-test_conf=${RSYSLOG_TEST_DIR}/test1.conf +-cat << EOF > ${test_conf} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[1]} +-EOF +- +-# create rsyslog.conf configuration file +-cat << EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +- +-#### MODULES #### +- +-\$IncludeConfig ${test_conf} +-EOF +diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_other.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_other.fail.sh +deleted file mode 100755 +index d79ae23cfc..0000000000 +--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_other.fail.sh ++++ /dev/null +@@ -1,50 +0,0 @@ +-#!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle +- +-# Check rsyslog.conf with root user log from rules and +-# non root user log from include() fails. 
+- +-source $SHARED/rsyslog_log_utils.sh +- +-{{% if ATTRIBUTE == "owner" %}} +-ADDCOMMAND="useradd" +-CHATTR="chown" +-{{% else %}} +-ADDCOMMAND="groupadd" +-CHATTR="chgrp" +-{{% endif %}} +- +-USER_TEST=testssg +-$ADDCOMMAND $USER_TEST +- +-USER_ROOT=root +- +-# setup test data +-create_rsyslog_test_logs 2 +- +-# setup test log files ownership +-$CHATTR $USER_ROOT ${RSYSLOG_TEST_LOGS[0]} +-$CHATTR $USER_TEST ${RSYSLOG_TEST_LOGS[1]} +- +-# create test configuration file +-test_conf=${RSYSLOG_TEST_DIR}/test1.conf +-cat << EOF > ${test_conf} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[1]} +-EOF +- +-# create rsyslog.conf configuration file +-cat << EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +- +-#### MODULES #### +- +-include(file="${test_conf}") +-EOF +diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_other_IncludeConfig_is_other_RainerLogClause.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_other_IncludeConfig_is_other_RainerLogClause.fail.sh +deleted file mode 100644 +index 7869a180a8..0000000000 +--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_other_IncludeConfig_is_other_RainerLogClause.fail.sh ++++ /dev/null +@@ -1,75 +0,0 @@ +-#!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle +- +-# Check rsyslog.conf with root user log from rules and +-# root user log from include() passes. 
+- +-source $SHARED/rsyslog_log_utils.sh +- +-{{% if ATTRIBUTE == "owner" %}} +-ADDCOMMAND="useradd" +-CHATTR="chown" +-{{% else %}} +-ADDCOMMAND="groupadd" +-CHATTR="chgrp" +-{{% endif %}} +- +-USER_TEST=testssg +-$ADDCOMMAND $USER_TEST +- +-USER=root +- +-# setup test data +-create_rsyslog_test_logs 3 +- +-# setup test log files ownership +-$CHATTR $USER_TEST ${RSYSLOG_TEST_LOGS[0]} +-$CHATTR $USER_TEST ${RSYSLOG_TEST_LOGS[1]} +-$CHATTR $USER_TEST ${RSYSLOG_TEST_LOGS[2]} +- +-# create test configuration file +-test_conf=${RSYSLOG_TEST_DIR}/test1.conf +-cat << EOF > ${test_conf} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[1]} +-EOF +- +-# create test2 configuration file +-test_conf2=${RSYSLOG_TEST_DIR}/test2.conf +-{{% if ATTRIBUTE == "owner" %}} +-cat << EOF > ${test_conf2} +-# rsyslog configuration file +- +-#### RULES #### +- +- +-*.* action(type="omfile" FileCreateMode="0640" fileOwner="$USER_TEST" fileGroup="root" File="${RSYSLOG_TEST_LOGS[2]}") +-EOF +-{{% else %}} +-cat << EOF > ${test_conf2} +-# rsyslog configuration file +- +-#### RULES #### +- +- +-*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="$USER_TEST" File="${RSYSLOG_TEST_LOGS[2]}") +-EOF +-{{% endif %}} +- +-# create rsyslog.conf configuration file +-cat << EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +- +-#### MODULES #### +- +-include(file="${test_conf}") +- +-\$IncludeConfig ${test_conf2} +-EOF +diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root.pass.sh +deleted file mode 100755 +index e80395ca99..0000000000 +--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root.pass.sh ++++ /dev/null +@@ -1,46 +0,0 @@ +-#!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle +- +-# Check 
rsyslog.conf with root user log from rules and +-# root user log from include() passes. +- +-source $SHARED/rsyslog_log_utils.sh +- +- +-{{% if ATTRIBUTE == "owner" %}} +-CHATTR="chown" +-{{% else %}} +-CHATTR="chgrp" +-{{% endif %}} +- +-USER=root +- +-# setup test data +-create_rsyslog_test_logs 2 +- +-# setup test log files ownership +-$CHATTR $USER ${RSYSLOG_TEST_LOGS[0]} +-$CHATTR $USER ${RSYSLOG_TEST_LOGS[1]} +- +-# create test configuration file +-test_conf=${RSYSLOG_TEST_DIR}/test1.conf +-cat << EOF > ${test_conf} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[1]} +-EOF +- +-# create rsyslog.conf configuration file +-cat << EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +- +-#### MODULES #### +- +-include(file="${test_conf}") +-EOF +diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root_IncludeConfig_is_other.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root_IncludeConfig_is_other.fail.sh +deleted file mode 100755 +index e7b4905dc5..0000000000 +--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root_IncludeConfig_is_other.fail.sh ++++ /dev/null +@@ -1,63 +0,0 @@ +-#!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle +- +-# Check rsyslog.conf with root user log from rules and +-# non root user log from include() fails. 
+- +-source $SHARED/rsyslog_log_utils.sh +- +-{{% if ATTRIBUTE == "owner" %}} +-ADDCOMMAND="useradd" +-CHATTR="chown" +-{{% else %}} +-ADDCOMMAND="groupadd" +-CHATTR="chgrp" +-{{% endif %}} +- +-USER_ROOT=root +- +-USER_TEST=testssg +-$ADDCOMMAND $USER_TEST +- +-# setup test data +-create_rsyslog_test_logs 3 +- +-# setup test log files ownership +-$CHATTR $USER_ROOT ${RSYSLOG_TEST_LOGS[0]} +-$CHATTR $USER_ROOT ${RSYSLOG_TEST_LOGS[1]} +-$CHATTR $USER_TEST ${RSYSLOG_TEST_LOGS[2]} +- +-# create test configuration file +-test_conf=${RSYSLOG_TEST_DIR}/test1.conf +-cat << EOF > ${test_conf} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[1]} +-EOF +- +-# create test2 configuration file +-test_conf2=${RSYSLOG_TEST_DIR}/test2.conf +-cat << EOF > ${test_conf2} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[2]} +-EOF +- +-# create rsyslog.conf configuration file +-cat << EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +- +-#### MODULES #### +- +-include(file="${test_conf}") +- +-\$IncludeConfig ${test_conf2} +-EOF +diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root_IncludeConfig_is_root.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root_IncludeConfig_is_root.pass.sh +deleted file mode 100755 +index 6389e6ea3b..0000000000 +--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root_IncludeConfig_is_root.pass.sh ++++ /dev/null +@@ -1,58 +0,0 @@ +-#!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle +- +-# Check rsyslog.conf with root user log from rules and +-# root user log from include() passes. 
+- +-source $SHARED/rsyslog_log_utils.sh +- +-{{% if ATTRIBUTE == "owner" %}} +-CHATTR="chown" +-{{% else %}} +-CHATTR="chgrp" +-{{% endif %}} +- +-USER=root +- +-# setup test data +-create_rsyslog_test_logs 3 +- +-# setup test log files ownership +-$CHATTR $USER ${RSYSLOG_TEST_LOGS[0]} +-$CHATTR $USER ${RSYSLOG_TEST_LOGS[1]} +-$CHATTR $USER ${RSYSLOG_TEST_LOGS[2]} +- +-# create test configuration file +-test_conf=${RSYSLOG_TEST_DIR}/test1.conf +-cat << EOF > ${test_conf} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[1]} +-EOF +- +-# create test2 configuration file +-test_conf2=${RSYSLOG_TEST_DIR}/test2.conf +-cat << EOF > ${test_conf2} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[2]} +-EOF +- +-# create rsyslog.conf configuration file +-cat << EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +- +-#### MODULES #### +- +-include(file="${test_conf}") +- +-\$IncludeConfig ${test_conf2} +-EOF +diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root_IncludeConfig_is_root_RainerLogClause.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root_IncludeConfig_is_root_RainerLogClause.pass.sh +deleted file mode 100755 +index 6b81a77c2f..0000000000 +--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root_IncludeConfig_is_root_RainerLogClause.pass.sh ++++ /dev/null +@@ -1,59 +0,0 @@ +-#!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle +- +-# Check rsyslog.conf with root user log from rules and +-# root user log from include() passes. 
+- +-source $SHARED/rsyslog_log_utils.sh +- +-{{% if ATTRIBUTE == "owner" %}} +-CHATTR="chown" +-{{% else %}} +-CHATTR="chgrp" +-{{% endif %}} +- +-USER=root +- +-# setup test data +-create_rsyslog_test_logs 3 +- +-# setup test log files ownership +-$CHATTR $USER ${RSYSLOG_TEST_LOGS[0]} +-$CHATTR $USER ${RSYSLOG_TEST_LOGS[1]} +-$CHATTR $USER ${RSYSLOG_TEST_LOGS[2]} +- +-# create test configuration file +-test_conf=${RSYSLOG_TEST_DIR}/test1.conf +-cat << EOF > ${test_conf} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[1]} +-EOF +- +-# create test2 configuration file +-test_conf2=${RSYSLOG_TEST_DIR}/test2.conf +-cat << EOF > ${test_conf2} +-# rsyslog configuration file +- +-#### RULES #### +- +- +-*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="root" File="${RSYSLOG_TEST_LOGS[2]}") +-EOF +- +-# create rsyslog.conf configuration file +-cat << EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +- +-#### MODULES #### +- +-include(file="${test_conf}") +- +-\$IncludeConfig ${test_conf2} +-EOF +diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_multiline_is_root.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_multiline_is_root.pass.sh +deleted file mode 100755 +index 78b105abf3..0000000000 +--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_multiline_is_root.pass.sh ++++ /dev/null +@@ -1,47 +0,0 @@ +-#!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle +- +-# Check rsyslog.conf with root user log from rules and +-# root user log from multiline include() passes. 
+- +-source $SHARED/rsyslog_log_utils.sh +- +-{{% if ATTRIBUTE == "owner" %}} +-CHATTR="chown" +-{{% else %}} +-CHATTR="chgrp" +-{{% endif %}} +- +-USER=root +- +-# setup test data +-create_rsyslog_test_logs 2 +- +-# setup test log files ownership +-$CHATTR $USER ${RSYSLOG_TEST_LOGS[0]} +-$CHATTR $USER ${RSYSLOG_TEST_LOGS[1]} +- +-# create test configuration file +-test_conf=${RSYSLOG_TEST_DIR}/test1.conf +-cat << EOF > ${test_conf} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[1]} +-EOF +- +-# create rsyslog.conf configuration file +-cat << EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +- +-#### MODULES #### +- +-include( +- file="${test_conf}" +-) +-EOF +diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/is_root.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/is_root.pass.sh +deleted file mode 100755 +index afce21fa27..0000000000 +--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/is_root.pass.sh ++++ /dev/null +@@ -1,30 +0,0 @@ +-#!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle +- +-# Check if log file with root user in rsyslog.conf passes. 
+- +-source $SHARED/rsyslog_log_utils.sh +- +-{{% if ATTRIBUTE == "owner" %}} +-CHATTR="chown" +-{{% else %}} +-CHATTR="chgrp" +-{{% endif %}} +- +-USER=root +- +-# setup test data +-create_rsyslog_test_logs 1 +- +-# setup test log file ownership +-$CHATTR $USER ${RSYSLOG_TEST_LOGS[0]} +- +-# add rule with root user owned log file +-cat << EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +- +-EOF +diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/is_other.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr.pass.sh +similarity index 53% +rename from shared/templates/rsyslog_logfiles_attributes_modify/tests/is_other.fail.sh +rename to shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr.pass.sh +index 1afe20823c..dc362ae003 100755 +--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/is_other.fail.sh ++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr.pass.sh +@@ -1,33 +1,31 @@ + #!/bin/bash + # platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle + +-# Check if log file with non root user in rsyslog.conf fails. 
+- ++# Declare variables used for the tests and define the create_rsyslog_test_logs function + source $SHARED/rsyslog_log_utils.sh + + {{% if ATTRIBUTE == "owner" %}} +-ADDCOMMAND="useradd" + CHATTR="chown" +-{{% else %}} +-ADDCOMMAND="groupadd" ++ATTR_VALUE="root" ++{{% elif ATTRIBUTE == "groupowner" %}} + CHATTR="chgrp" ++ATTR_VALUE="root" ++{{% else %}} ++CHATTR="chmod" ++ATTR_VALUE="0600" + {{% endif %}} + +-USER=testssg +- +-$ADDCOMMAND $USER +- +-# setup test data ++# create one test log file + create_rsyslog_test_logs 1 + +-# setup test log file ownership +-$CHATTR $USER ${RSYSLOG_TEST_LOGS[0]} ++# setup test log file property ++$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]} + +-# add rule with non-root user owned log file ++# add rule with test log file + cat << EOF > $RSYSLOG_CONF + # rsyslog configuration file + + #### RULES #### +- + *.* ${RSYSLOG_TEST_LOGS[0]} ++ + EOF +diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/IncludeConfig_is_root.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_include_correct_attr.pass.sh +similarity index 51% +rename from shared/templates/rsyslog_logfiles_attributes_modify/tests/IncludeConfig_is_root.pass.sh +rename to shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_include_correct_attr.pass.sh +index b03268fe3e..c742f41039 100755 +--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/IncludeConfig_is_root.pass.sh ++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_include_correct_attr.pass.sh +@@ -1,45 +1,45 @@ + #!/bin/bash + # platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle + +-# Check rsyslog.conf with root user log from rules and +-# root user log from $IncludeConfig passes. 
+- ++# Declare variables used for the tests and define the create_rsyslog_test_logs function + source $SHARED/rsyslog_log_utils.sh + + {{% if ATTRIBUTE == "owner" %}} + CHATTR="chown" +-{{% else %}} ++ATTR_VALUE="root" ++{{% elif ATTRIBUTE == "groupowner" %}} + CHATTR="chgrp" ++ATTR_VALUE="root" ++{{% else %}} ++CHATTR="chmod" ++ATTR_VALUE="0600" + {{% endif %}} + +-USER=root +- +-# setup test data ++# create two test log file + create_rsyslog_test_logs 2 + +-# setup test log files ownership +-$CHATTR $USER ${RSYSLOG_TEST_LOGS[0]} +-$CHATTR $USER ${RSYSLOG_TEST_LOGS[1]} ++# setup test log file property ++$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]} ++$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[1]} + +-# create test configuration file ++# create test configuration file with rule for second test log file + test_conf=${RSYSLOG_TEST_DIR}/test1.conf + cat << EOF > ${test_conf} +-# rsyslog configuration file ++# rsyslog test configuration file + + #### RULES #### +- + *.* ${RSYSLOG_TEST_LOGS[1]} ++ + EOF + +-# create rsyslog.conf configuration file ++# add rule with first test log file plus an include statement + cat << EOF > $RSYSLOG_CONF + # rsyslog configuration file + + #### RULES #### +- + *.* ${RSYSLOG_TEST_LOGS[0]} + + #### MODULES #### +- + \$IncludeConfig ${test_conf} ++ + EOF +diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_include_incorrect_attr.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_include_incorrect_attr.fail.sh +new file mode 100755 +index 0000000000..a12d0bc653 +--- /dev/null ++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_include_incorrect_attr.fail.sh +@@ -0,0 +1,50 @@ ++#!/bin/bash ++# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++ ++# Declare variables used for the tests and define the create_rsyslog_test_logs function ++source $SHARED/rsyslog_log_utils.sh ++ ++{{% if ATTRIBUTE == "owner" %}} ++CHATTR="chown" 
++ATTR_VALUE="root" ++ATTR_INCORRECT_VALUE="cac_testuser" ++useradd $ATTR_INCORRECT_VALUE ++{{% elif ATTRIBUTE == "groupowner" %}} ++CHATTR="chgrp" ++ATTR_VALUE="root" ++ATTR_INCORRECT_VALUE="cac_testgroup" ++groupadd $ATTR_INCORRECT_VALUE ++{{% else %}} ++CHATTR="chmod" ++ATTR_VALUE="0600" ++ATTR_INCORRECT_VALUE="0666" ++{{% endif %}} ++ ++# create two test log file ++create_rsyslog_test_logs 2 ++ ++# setup test log file property ++$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]} ++$CHATTR $ATTR_INCORRECT_VALUE ${RSYSLOG_TEST_LOGS[1]} ++ ++# create test configuration file with rule for second test log file ++test_conf=${RSYSLOG_TEST_DIR}/test1.conf ++cat << EOF > ${test_conf} ++# rsyslog test configuration file ++ ++#### RULES #### ++*.* ${RSYSLOG_TEST_LOGS[1]} ++ ++EOF ++ ++# add rule with first test log file plus an include statement ++cat << EOF > $RSYSLOG_CONF ++# rsyslog configuration file ++ ++#### RULES #### ++*.* ${RSYSLOG_TEST_LOGS[0]} ++ ++#### MODULES #### ++\$IncludeConfig ${test_conf} ++ ++EOF +diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_incorrect_attr.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_incorrect_attr.fail.sh +new file mode 100755 +index 0000000000..25430db033 +--- /dev/null ++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_incorrect_attr.fail.sh +@@ -0,0 +1,33 @@ ++#!/bin/bash ++# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++ ++# Declare variables used for the tests and define the create_rsyslog_test_logs function ++source $SHARED/rsyslog_log_utils.sh ++ ++{{% if ATTRIBUTE == "owner" %}} ++CHATTR="chown" ++ATTR_INCORRECT_VALUE="cac_testuser" ++useradd $ATTR_INCORRECT_VALUE ++{{% elif ATTRIBUTE == "groupowner" %}} ++CHATTR="chgrp" ++ATTR_INCORRECT_VALUE="cac_testgroup" ++groupadd $ATTR_INCORRECT_VALUE ++{{% else %}} ++CHATTR="chmod" ++ATTR_INCORRECT_VALUE="0666" ++{{% endif %}} ++ ++# create one test log file 
++create_rsyslog_test_logs 1 ++ ++# setup test log file property ++$CHATTR $ATTR_INCORRECT_VALUE ${RSYSLOG_TEST_LOGS[0]} ++ ++# add rule with non-root user owned log file ++cat << EOF > $RSYSLOG_CONF ++# rsyslog configuration file ++ ++#### RULES #### ++*.* ${RSYSLOG_TEST_LOGS[0]} ++ ++EOF +diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_correct_attr.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_correct_attr.pass.sh +new file mode 100755 +index 0000000000..c1c5758d80 +--- /dev/null ++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_correct_attr.pass.sh +@@ -0,0 +1,33 @@ ++#!/bin/bash ++# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++ ++# Declare variables used for the tests and define the create_rsyslog_test_logs function ++source $SHARED/rsyslog_log_utils.sh ++ ++{{% if ATTRIBUTE == "owner" %}} ++CHATTR="chown" ++ATTR_VALUE="root" ++{{% elif ATTRIBUTE == "groupowner" %}} ++CHATTR="chgrp" ++ATTR_VALUE="root" ++{{% else %}} ++CHATTR="chmod" ++ATTR_VALUE="0600" ++{{% endif %}} ++ ++# create three test log file ++create_rsyslog_test_logs 2 ++ ++# setup test log file property ++$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]} ++$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[1]} ++ ++# add rules with both syntax for different test log files ++cat << EOF > $RSYSLOG_CONF ++# rsyslog configuration file ++ ++#### RULES #### ++*.* ${RSYSLOG_TEST_LOGS[0]} ++*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[1]}") ++ ++EOF +diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_include_correct_attr.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_include_correct_attr.pass.sh +new file mode 100755 +index 0000000000..0235130534 +--- /dev/null ++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_include_correct_attr.pass.sh +@@ -0,0 +1,58 @@ 
++#!/bin/bash
++# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++
++# Declare variables used for the tests and define the create_rsyslog_test_logs function
++source $SHARED/rsyslog_log_utils.sh
++
++{{% if ATTRIBUTE == "owner" %}}
++CHATTR="chown"
++ATTR_VALUE="root"
++{{% elif ATTRIBUTE == "groupowner" %}}
++CHATTR="chgrp"
++ATTR_VALUE="root"
++{{% else %}}
++CHATTR="chmod"
++ATTR_VALUE="0600"
++{{% endif %}}
++
++# create three test log file
++create_rsyslog_test_logs 3
++
++# setup test log file property
++$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]}
++$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[1]}
++$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[2]}
++
++# create first test configuration file with legacy rule for second test log file
++test_conf1=${RSYSLOG_TEST_DIR}/legacy.conf
++cat << EOF > ${test_conf1}
++# rsyslog test configuration file with legacy syntax
++
++#### RULES ####
++*.* ${RSYSLOG_TEST_LOGS[1]}
++
++EOF
++
++# create second test configuration file with RainerScript rule for third test log file
++test_conf2=${RSYSLOG_TEST_DIR}/rainerscript.conf
++cat << EOF > ${test_conf2}
++# rsyslog test configuration file with RainerScript syntax
++
++#### RULES ####
++*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[2]}")
++
++EOF
++
++# add rule with first test log file plus two mixed include statement
++cat << EOF > $RSYSLOG_CONF
++# rsyslog configuration file
++
++#### RULES ####
++*.* ${RSYSLOG_TEST_LOGS[0]}
++
++#### MODULES ####
++\$IncludeConfig ${test_conf1}
++
++include(file="${test_conf2}")
++
++EOF
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_include_incorrect_attr_legacy.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_include_incorrect_attr_legacy.fail.sh
+new file mode 100755
+index 0000000000..bed0afaf5e
+--- /dev/null
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_include_incorrect_attr_legacy.fail.sh
+@@ -0,0 +1,63 @@
++#!/bin/bash
++# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++
++# Declare variables used for the tests and define the create_rsyslog_test_logs function
++source $SHARED/rsyslog_log_utils.sh
++
++{{% if ATTRIBUTE == "owner" %}}
++CHATTR="chown"
++ATTR_VALUE="root"
++ATTR_INCORRECT_VALUE="cac_testuser"
++useradd $ATTR_INCORRECT_VALUE
++{{% elif ATTRIBUTE == "groupowner" %}}
++CHATTR="chgrp"
++ATTR_VALUE="root"
++ATTR_INCORRECT_VALUE="cac_testgroup"
++groupadd $ATTR_INCORRECT_VALUE
++{{% else %}}
++CHATTR="chmod"
++ATTR_VALUE="0600"
++ATTR_INCORRECT_VALUE="0666"
++{{% endif %}}
++
++# create three test log file
++create_rsyslog_test_logs 3
++
++# setup test log file property
++$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]}
++$CHATTR $ATTR_INCORRECT_VALUE ${RSYSLOG_TEST_LOGS[1]}
++$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[2]}
++
++# create first test configuration file with legacy rule for second test log file
++test_conf1=${RSYSLOG_TEST_DIR}/legacy.conf
++cat << EOF > ${test_conf1}
++# rsyslog test configuration file with legacy syntax
++
++#### RULES ####
++*.* ${RSYSLOG_TEST_LOGS[1]}
++
++EOF
++
++# create second test configuration file with RainerScript rule for third test log file
++test_conf2=${RSYSLOG_TEST_DIR}/rainerscript.conf
++cat << EOF > ${test_conf2}
++# rsyslog test configuration file with RainerScript syntax
++
++#### RULES ####
++*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[2]}")
++
++EOF
++
++# add rule with first test log file plus two mixed include statement
++cat << EOF > $RSYSLOG_CONF
++# rsyslog configuration file
++
++#### RULES ####
++*.* ${RSYSLOG_TEST_LOGS[0]}
++
++#### MODULES ####
++\$IncludeConfig ${test_conf1}
++
++include(file="${test_conf2}")
++
++EOF
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_include_incorrect_attr_rainer.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_include_incorrect_attr_rainer.fail.sh
+new file mode 100755
+index 0000000000..83c69b3a17
+--- /dev/null
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_include_incorrect_attr_rainer.fail.sh
+@@ -0,0 +1,63 @@
++#!/bin/bash
++# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++
++# Declare variables used for the tests and define the create_rsyslog_test_logs function
++source $SHARED/rsyslog_log_utils.sh
++
++{{% if ATTRIBUTE == "owner" %}}
++CHATTR="chown"
++ATTR_VALUE="root"
++ATTR_INCORRECT_VALUE="cac_testuser"
++useradd $ATTR_INCORRECT_VALUE
++{{% elif ATTRIBUTE == "groupowner" %}}
++CHATTR="chgrp"
++ATTR_VALUE="root"
++ATTR_INCORRECT_VALUE="cac_testgroup"
++groupadd $ATTR_INCORRECT_VALUE
++{{% else %}}
++CHATTR="chmod"
++ATTR_VALUE="0600"
++ATTR_INCORRECT_VALUE="0666"
++{{% endif %}}
++
++# create three test log file
++create_rsyslog_test_logs 3
++
++# setup test log file property
++$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]}
++$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[1]}
++$CHATTR $ATTR_INCORRECT_VALUE ${RSYSLOG_TEST_LOGS[2]}
++
++# create first test configuration file with legacy rule for second test log file
++test_conf1=${RSYSLOG_TEST_DIR}/legacy.conf
++cat << EOF > ${test_conf1}
++# rsyslog test configuration file with legacy syntax
++
++#### RULES ####
++*.* ${RSYSLOG_TEST_LOGS[1]}
++
++EOF
++
++# create second test configuration file with RainerScript rule for third test log file
++test_conf2=${RSYSLOG_TEST_DIR}/rainerscript.conf
++cat << EOF > ${test_conf2}
++# rsyslog test configuration file with RainerScript syntax
++
++#### RULES ####
++*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[2]}")
++
++EOF
++
++# add rule with first test log file plus two mixed include statement
++cat << EOF > $RSYSLOG_CONF
++# rsyslog configuration file
++
++#### RULES ####
++*.* ${RSYSLOG_TEST_LOGS[0]}
++
++#### MODULES ####
++\$IncludeConfig ${test_conf1}
++
++include(file="${test_conf2}")
++
++EOF
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_incorrect_attr_cloudinit.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_incorrect_attr_cloudinit.fail.sh
+new file mode 100755
+index 0000000000..43a6f2648d
+--- /dev/null
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_incorrect_attr_cloudinit.fail.sh
+@@ -0,0 +1,38 @@
++#!/bin/bash
++# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++
++# Declare variables used for the tests and define the create_rsyslog_test_logs function
++source $SHARED/rsyslog_log_utils.sh
++
++{{% if ATTRIBUTE == "owner" %}}
++CHATTR="chown"
++ATTR_VALUE="root"
++ATTR_INCORRECT_VALUE="cac_testuser"
++useradd $ATTR_INCORRECT_VALUE
++{{% elif ATTRIBUTE == "groupowner" %}}
++CHATTR="chgrp"
++ATTR_VALUE="root"
++ATTR_INCORRECT_VALUE="cac_testgroup"
++groupadd $ATTR_INCORRECT_VALUE
++{{% else %}}
++CHATTR="chmod"
++ATTR_VALUE="0600"
++ATTR_INCORRECT_VALUE="0666"
++{{% endif %}}
++
++# create three test log file
++create_rsyslog_test_logs 2
++
++# setup test log file property
++$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]}
++$CHATTR $ATTR_INCORRECT_VALUE ${RSYSLOG_TEST_LOGS[1]}
++
++# add rules with both syntax for different test log files
++cat << EOF > $RSYSLOG_CONF
++# rsyslog configuration file
++
++#### RULES ####
++*.* ${RSYSLOG_TEST_LOGS[0]}
++:syslogtag, isequal, "[CLOUDINIT]" ${RSYSLOG_TEST_LOGS[1]}
++
++EOF
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_incorrect_attr_legacy.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_incorrect_attr_legacy.fail.sh
+new file mode 100755
+index 0000000000..f459e7377b
+--- /dev/null
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_incorrect_attr_legacy.fail.sh
+@@ -0,0 +1,38 @@
++#!/bin/bash
++# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++
++# Declare variables used for the tests and define the create_rsyslog_test_logs function
++source $SHARED/rsyslog_log_utils.sh
++
++{{% if ATTRIBUTE == "owner" %}}
++CHATTR="chown"
++ATTR_VALUE="root"
++ATTR_INCORRECT_VALUE="cac_testuser"
++useradd $ATTR_INCORRECT_VALUE
++{{% elif ATTRIBUTE == "groupowner" %}}
++CHATTR="chgrp"
++ATTR_VALUE="root"
++ATTR_INCORRECT_VALUE="cac_testgroup"
++groupadd $ATTR_INCORRECT_VALUE
++{{% else %}}
++CHATTR="chmod"
++ATTR_VALUE="0600"
++ATTR_INCORRECT_VALUE="0666"
++{{% endif %}}
++
++# create three test log file
++create_rsyslog_test_logs 2
++
++# setup test log file property
++$CHATTR $ATTR_INCORRECT_VALUE ${RSYSLOG_TEST_LOGS[0]}
++$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[1]}
++
++# add rules with both syntax for different test log files
++cat << EOF > $RSYSLOG_CONF
++# rsyslog configuration file
++
++#### RULES ####
++*.* ${RSYSLOG_TEST_LOGS[0]}
++*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[1]}")
++
++EOF
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_incorrect_attr_rainer.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_incorrect_attr_rainer.fail.sh
+new file mode 100755
+index 0000000000..67193b69d8
+--- /dev/null
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_incorrect_attr_rainer.fail.sh
+@@ -0,0 +1,38 @@
++#!/bin/bash
++# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++
++# Declare variables used for the tests and define the create_rsyslog_test_logs function
++source $SHARED/rsyslog_log_utils.sh
++
++{{% if ATTRIBUTE == "owner" %}}
++CHATTR="chown"
++ATTR_VALUE="root"
++ATTR_INCORRECT_VALUE="cac_testuser"
++useradd $ATTR_INCORRECT_VALUE
++{{% elif ATTRIBUTE == "groupowner" %}}
++CHATTR="chgrp"
++ATTR_VALUE="root"
++ATTR_INCORRECT_VALUE="cac_testgroup"
++groupadd $ATTR_INCORRECT_VALUE
++{{% else %}}
++CHATTR="chmod"
++ATTR_VALUE="0600"
++ATTR_INCORRECT_VALUE="0666"
++{{% endif %}}
++
++# create three test log file
++create_rsyslog_test_logs 2
++
++# setup test log file property
++$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]}
++$CHATTR $ATTR_INCORRECT_VALUE ${RSYSLOG_TEST_LOGS[1]}
++
++# add rules with both syntax for different test log files
++cat << EOF > $RSYSLOG_CONF
++# rsyslog configuration file
++
++#### RULES ####
++*.* ${RSYSLOG_TEST_LOGS[0]}
++*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[1]}")
++
++EOF
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr.pass.sh
+new file mode 100755
+index 0000000000..abdb09c485
+--- /dev/null
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr.pass.sh
+@@ -0,0 +1,31 @@
++#!/bin/bash
++# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++
++# Declare variables used for the tests and define the create_rsyslog_test_logs function
++source $SHARED/rsyslog_log_utils.sh
++
++{{% if ATTRIBUTE == "owner" %}}
++CHATTR="chown"
++ATTR_VALUE="root"
++{{% elif ATTRIBUTE == "groupowner" %}}
++CHATTR="chgrp"
++ATTR_VALUE="root"
++{{% else %}}
++CHATTR="chmod"
++ATTR_VALUE="0600"
++{{% endif %}}
++
++# create one test log file
++create_rsyslog_test_logs 1
++
++# setup test log file property
++$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]}
++
++# add rule with test log file
++cat << EOF > $RSYSLOG_CONF
++# rsyslog configuration file
++
++#### RULES ####
++*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[0]}")
++
++EOF
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_include_correct_attr.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_include_correct_attr.pass.sh
+new file mode 100755
+index 0000000000..8b73578e39
+--- /dev/null
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_include_correct_attr.pass.sh
+@@ -0,0 +1,45 @@
++#!/bin/bash
++# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++
++# Declare variables used for the tests and define the create_rsyslog_test_logs function
++source $SHARED/rsyslog_log_utils.sh
++
++{{% if ATTRIBUTE == "owner" %}}
++CHATTR="chown"
++ATTR_VALUE="root"
++{{% elif ATTRIBUTE == "groupowner" %}}
++CHATTR="chgrp"
++ATTR_VALUE="root"
++{{% else %}}
++CHATTR="chmod"
++ATTR_VALUE="0600"
++{{% endif %}}
++
++# create two test log file
++create_rsyslog_test_logs 2
++
++# setup test log file property
++$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]}
++$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[1]}
++
++# create test configuration file with rule for second test log file
++test_conf=${RSYSLOG_TEST_DIR}/test1.conf
++cat << EOF > ${test_conf}
++# rsyslog test configuration file
++
++#### RULES ####
++*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[1]}")
++
++EOF
++
++# add rule with first test log file plus an include statement
++cat << EOF > $RSYSLOG_CONF
++# rsyslog configuration file
++
++#### RULES ####
++*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[0]}")
++
++#### MODULES ####
++include(file="${test_conf}")
++
++EOF
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_include_incorrect_attr.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_include_incorrect_attr.fail.sh
+new file mode 100755
+index 0000000000..4c25c09e2e
+--- /dev/null
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_include_incorrect_attr.fail.sh
+@@ -0,0 +1,50 @@
++#!/bin/bash
++# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++
++# Declare variables used for the tests and define the create_rsyslog_test_logs function
++source $SHARED/rsyslog_log_utils.sh
++
++{{% if ATTRIBUTE == "owner" %}}
++CHATTR="chown"
++ATTR_VALUE="root"
++ATTR_INCORRECT_VALUE="cac_testuser"
++useradd $ATTR_INCORRECT_VALUE
++{{% elif ATTRIBUTE == "groupowner" %}}
++CHATTR="chgrp"
++ATTR_VALUE="root"
++ATTR_INCORRECT_VALUE="cac_testgroup"
++groupadd $ATTR_INCORRECT_VALUE
++{{% else %}}
++CHATTR="chmod"
++ATTR_VALUE="0600"
++ATTR_INCORRECT_VALUE="0666"
++{{% endif %}}
++
++# create two test log file
++create_rsyslog_test_logs 2
++
++# setup test log file property
++$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]}
++$CHATTR $ATTR_INCORRECT_VALUE ${RSYSLOG_TEST_LOGS[1]}
++
++# create test configuration file with rule for second test log file
++test_conf=${RSYSLOG_TEST_DIR}/test1.conf
++cat << EOF > ${test_conf}
++# rsyslog test configuration file
++
++#### RULES ####
++*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[1]}")
++
++EOF
++
++# add rule with first test log file plus an include statement
++cat << EOF > $RSYSLOG_CONF
++# rsyslog configuration file
++
++#### RULES ####
++*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[0]}")
++
++#### MODULES ####
++include(file="${test_conf}")
++
++EOF
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_include_multiline_correct_attr.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_include_multiline_correct_attr.pass.sh
+new file mode 100755
+index 0000000000..508a5cf6eb
+--- /dev/null
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_include_multiline_correct_attr.pass.sh
+@@ -0,0 +1,47 @@
++#!/bin/bash
++# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++
++# Declare variables used for the tests and define the create_rsyslog_test_logs function
++source $SHARED/rsyslog_log_utils.sh
++
++{{% if ATTRIBUTE == "owner" %}}
++CHATTR="chown"
++ATTR_VALUE="root"
++{{% elif ATTRIBUTE == "groupowner" %}}
++CHATTR="chgrp"
++ATTR_VALUE="root"
++{{% else %}}
++CHATTR="chmod"
++ATTR_VALUE="0600"
++{{% endif %}}
++
++# create two test log file
++create_rsyslog_test_logs 2
++
++# setup test log file property
++$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]}
++$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[1]}
++
++# create test configuration file with rule for second test log file
++test_conf=${RSYSLOG_TEST_DIR}/test1.conf
++cat << EOF > ${test_conf}
++# rsyslog test configuration file
++
++#### RULES ####
++*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[1]}")
++
++EOF
++
++# add rule with first test log file plus an include statement
++cat << EOF > $RSYSLOG_CONF
++# rsyslog configuration file
++
++#### RULES ####
++*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[0]}")
++
++#### MODULES ####
++include(
++ file="${test_conf}"
++)
++
++EOF
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_include_multiline_incorrect_attr.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_include_multiline_incorrect_attr.fail.sh
+new file mode 100755
+index 0000000000..49fada4cd4
+--- /dev/null
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_include_multiline_incorrect_attr.fail.sh
+@@ -0,0 +1,52 @@
++#!/bin/bash
++# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++
++# Declare variables used for the tests and define the create_rsyslog_test_logs function
++source $SHARED/rsyslog_log_utils.sh
++
++{{% if ATTRIBUTE == "owner" %}}
++CHATTR="chown"
++ATTR_VALUE="root"
++ATTR_INCORRECT_VALUE="cac_testuser"
++useradd $ATTR_INCORRECT_VALUE
++{{% elif ATTRIBUTE == "groupowner" %}}
++CHATTR="chgrp"
++ATTR_VALUE="root"
++ATTR_INCORRECT_VALUE="cac_testgroup"
++groupadd $ATTR_INCORRECT_VALUE
++{{% else %}}
++CHATTR="chmod"
++ATTR_VALUE="0600"
++ATTR_INCORRECT_VALUE="0666"
++{{% endif %}}
++
++# create two test log file
++create_rsyslog_test_logs 2
++
++# setup test log file property
++$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]}
++$CHATTR $ATTR_INCORRECT_VALUE ${RSYSLOG_TEST_LOGS[1]}
++
++# create test configuration file with rule for second test log file
++test_conf=${RSYSLOG_TEST_DIR}/test1.conf
++cat << EOF > ${test_conf}
++# rsyslog test configuration file
++
++#### RULES ####
++*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[1]}")
++
++EOF
++
++# add rule with first test log file plus an include statement
++cat << EOF > $RSYSLOG_CONF
++# rsyslog configuration file
++
++#### RULES ####
++*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[0]}")
++
++#### MODULES ####
++include(
++ file="${test_conf}"
++)
++
++EOF
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_incorrect_attr.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_incorrect_attr.fail.sh
+new file mode 100755
+index 0000000000..b17eb6b744
+--- /dev/null
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_incorrect_attr.fail.sh
+@@ -0,0 +1,33 @@
++#!/bin/bash
++# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++
++# Declare variables used for the tests and define the create_rsyslog_test_logs function
++source $SHARED/rsyslog_log_utils.sh
++
++{{% if ATTRIBUTE == "owner" %}}
++CHATTR="chown"
++ATTR_INCORRECT_VALUE="cac_testuser"
++useradd $ATTR_INCORRECT_VALUE
++{{% elif ATTRIBUTE == "groupowner" %}}
++CHATTR="chgrp"
++ATTR_INCORRECT_VALUE="cac_testgroup"
++groupadd $ATTR_INCORRECT_VALUE
++{{% else %}}
++CHATTR="chmod"
++ATTR_INCORRECT_VALUE="0666"
++{{% endif %}}
++
++# create one test log file
++create_rsyslog_test_logs 1
++
++# setup test log file property
++$CHATTR $ATTR_INCORRECT_VALUE ${RSYSLOG_TEST_LOGS[0]}
++
++# add rule with non-root user owned log file
++cat << EOF > $RSYSLOG_CONF
++# rsyslog configuration file
++
++#### RULES ####
++*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[0]}")
++
++EOF
+--
+2.39.1
+
diff --git a/scap-security-guide-0.1.67-rsyslog_files_rules_remediations-PR_9789.patch b/scap-security-guide-0.1.67-rsyslog_files_rules_remediations-PR_9789.patch
new file mode 100644
index 0000000..80bcc2f
--- /dev/null
+++ b/scap-security-guide-0.1.67-rsyslog_files_rules_remediations-PR_9789.patch
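Review bot: The comment `# add rule with non-root user owned log file` in rainer_incorrect_attr.fail.sh only describes the `owner` branch of the template; in the `groupowner` and mode branches the incorrect value is a group or `0666`, not a user. Suggest `# add RainerScript rule for the log file carrying the incorrect attribute`. Separately, `useradd $ATTR_INCORRECT_VALUE` and `groupadd $ATTR_INCORRECT_VALUE` run unguarded and unquoted here and in the other .fail.sh scenarios. Whether the harness starts from a clean account database is not visible in the hunk, so `id "$ATTR_INCORRECT_VALUE" &>/dev/null || useradd "$ATTR_INCORRECT_VALUE"` (and a `getent group` guard for the group) would keep the setup repeatable.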
@@ -0,0 +1,1950 @@ +From b8d2b568eb07b10f8a51f1327e399303bc06528d Mon Sep 17 00:00:00 2001 +From: Watson Sato +Date: Mon, 13 Feb 2023 17:49:12 +0100 +Subject: [PATCH 1/5] Rsyslog files rules remediations + +Patch-name: scap-security-guide-0.1.67-rsyslog_files_rules_remediations-PR_9789.patch +Patch-status: Rsyslog files rules remediations +--- + controls/cis_sle12.yml | 4 +- + controls/cis_sle15.yml | 4 +- + .../file_groupowner_logfiles_value.var | 18 --- + .../oval/shared.xml | 116 --------------- + .../rsyslog_files_groupownership/rule.yml | 39 ++++- + .../tests/IncludeConfig_is_other.fail.sh | 42 ------ + .../tests/IncludeConfig_is_root.pass.sh | 39 ----- + .../tests/include_is_other.fail.sh | 42 ------ + .../tests/include_is_root.pass.sh | 39 ----- + .../tests/include_multiline_is_root.pass.sh | 41 ------ + .../tests/is_other.fail.sh | 25 ---- + .../tests/is_root.pass.sh | 24 --- + .../rsyslog_files_ownership/oval/shared.xml | 114 --------------- + .../rsyslog_files_ownership/rule.yml | 44 +++++- + .../ansible/shared.yml | 12 ++ + .../rsyslog_logging_configured/bash/shared.sh | 7 + + .../oval/shared.xml | 41 ++++++ + .../rsyslog_logging_configured/rule.yml | 34 +++++ + ...with_everything_logged_to_messages.pass.sh | 13 ++ + .../rsyslog_file_with_no_logging.fail.sh | 12 ++ + .../profiles/anssi_np_nt28_average.profile | 2 - + products/debian10/profiles/standard.profile | 2 - + .../profiles/anssi_np_nt28_average.profile | 2 - + products/debian11/profiles/standard.profile | 2 - + products/rhel7/profiles/rht-ccp.profile | 2 - + products/rhel8/profiles/rht-ccp.profile | 2 - + .../profiles/anssi_bp28_intermediary.profile | 1 + + products/sle15/profiles/standard.profile | 2 - + .../profiles/anssi_np_nt28_average.profile | 2 - + products/ubuntu1604/profiles/standard.profile | 2 - + .../profiles/anssi_np_nt28_average.profile | 2 - + products/ubuntu1804/profiles/standard.profile | 2 - + products/ubuntu2004/profiles/standard.profile | 2 - + 
products/ubuntu2204/profiles/standard.profile | 2 - + shared/references/cce-sle12-avail.txt | 1 - + shared/references/cce-sle15-avail.txt | 1 - + .../ansible.template | 68 +++++++++ + .../bash.template | 110 ++++++++++++++ + .../oval.template | 137 ++++++++++++++++++ + .../template.yml | 4 + + .../tests/IncludeConfig_is_other.fail.sh | 14 +- + .../tests/IncludeConfig_is_root.pass.sh | 10 +- + .../tests/include_is_other.fail.sh | 14 +- + ...udeConfig_is_other_RainerLogClause.fail.sh | 37 ++++- + .../tests/include_is_root.pass.sh | 11 +- + ...ude_is_root_IncludeConfig_is_other.fail.sh | 16 +- + ...lude_is_root_IncludeConfig_is_root.pass.sh | 12 +- + ...ludeConfig_is_root_RainerLogClause.pass.sh | 22 +-- + .../tests/include_multiline_is_root.pass.sh | 10 +- + .../tests/is_other.fail.sh | 12 +- + .../tests/is_root.pass.sh | 8 +- + 51 files changed, 648 insertions(+), 576 deletions(-) + delete mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/file_groupowner_logfiles_value.var + delete mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/oval/shared.xml + delete mode 100755 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_other.fail.sh + delete mode 100755 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_root.pass.sh + delete mode 100755 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_other.fail.sh + delete mode 100755 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root.pass.sh + delete mode 100755 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_multiline_is_root.pass.sh + delete mode 100755 
linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_other.fail.sh + delete mode 100755 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_root.pass.sh + delete mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/oval/shared.xml + create mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/ansible/shared.yml + create mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/bash/shared.sh + create mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/oval/shared.xml + create mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/rule.yml + create mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/tests/rsyslog_file_with_everything_logged_to_messages.pass.sh + create mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/tests/rsyslog_file_with_no_logging.fail.sh + create mode 100644 shared/templates/rsyslog_logfiles_attributes_modify/ansible.template + create mode 100644 shared/templates/rsyslog_logfiles_attributes_modify/bash.template + create mode 100644 shared/templates/rsyslog_logfiles_attributes_modify/oval.template + create mode 100644 shared/templates/rsyslog_logfiles_attributes_modify/template.yml + rename {linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership => shared/templates/rsyslog_logfiles_attributes_modify}/tests/IncludeConfig_is_other.fail.sh (75%) + rename {linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership => shared/templates/rsyslog_logfiles_attributes_modify}/tests/IncludeConfig_is_root.pass.sh (81%) 
+ rename {linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership => shared/templates/rsyslog_logfiles_attributes_modify}/tests/include_is_other.fail.sh (75%) + rename linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_root.pass.sh => shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_other_IncludeConfig_is_other_RainerLogClause.fail.sh (50%) + mode change 100755 => 100644 + rename {linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership => shared/templates/rsyslog_logfiles_attributes_modify}/tests/include_is_root.pass.sh (81%) + rename {linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership => shared/templates/rsyslog_logfiles_attributes_modify}/tests/include_is_root_IncludeConfig_is_other.fail.sh (77%) + rename {linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership => shared/templates/rsyslog_logfiles_attributes_modify}/tests/include_is_root_IncludeConfig_is_root.pass.sh (82%) + rename linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_other.fail.sh => shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root_IncludeConfig_is_root_RainerLogClause.pass.sh (65%) + rename {linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership => shared/templates/rsyslog_logfiles_attributes_modify}/tests/include_multiline_is_root.pass.sh (81%) + rename {linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership => shared/templates/rsyslog_logfiles_attributes_modify}/tests/is_other.fail.sh (70%) + rename {linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership => 
shared/templates/rsyslog_logfiles_attributes_modify}/tests/is_root.pass.sh (77%) + +diff --git a/controls/cis_sle12.yml b/controls/cis_sle12.yml +index 5c464fe556..8576343b9d 100644 +--- a/controls/cis_sle12.yml ++++ b/controls/cis_sle12.yml +@@ -1321,7 +1321,9 @@ controls: + levels: + - l1_server + - l1_workstation +- status: manual ++ automated: yes ++ rules: ++ - rsyslog_logging_configured + + - id: 4.2.1.5 + title: Ensure rsyslog is configured to send logs to a remote log host (Automated) +diff --git a/controls/cis_sle15.yml b/controls/cis_sle15.yml +index 36d7616f90..f82341a038 100644 +--- a/controls/cis_sle15.yml ++++ b/controls/cis_sle15.yml +@@ -1469,7 +1469,9 @@ controls: + levels: + - l1_server + - l1_workstation +- status: manual ++ automated: yes ++ rules: ++ - rsyslog_logging_configured + + - id: 4.2.1.5 + title: Ensure rsyslog is configured to send logs to a remote log host (Automated) +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/file_groupowner_logfiles_value.var b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/file_groupowner_logfiles_value.var +deleted file mode 100644 +index 7ebf8c191a..0000000000 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/file_groupowner_logfiles_value.var ++++ /dev/null +@@ -1,18 +0,0 @@ +-documentation_complete: true +- +-title: 'group who owns log files' +- +-description: |- +- Specify group owner of all logfiles specified in +- /etc/rsyslog.conf. 
+- +-type: string +- +-operator: equals +- +-interactive: false +- +-options: +- default: root +- adm: adm +- root: root +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/oval/shared.xml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/oval/shared.xml +deleted file mode 100644 +index 4567f4d411..0000000000 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/oval/shared.xml ++++ /dev/null +@@ -1,116 +0,0 @@ +- +- +- {{{ oval_metadata("All syslog log files should be owned by the appropriate group.") }}} +- +- +- {{% if product in ["debian10", "debian11", "ubuntu1604"] %}} +- +- {{% endif %}} +- +- +- +- +- +- +- +- /etc/rsyslog.conf +- ^(?:include\([\n\s]*file="([^\s;]+)".*|\$IncludeConfig[\s]+([^\s;]+))$ +- 1 +- +- +- +- +- +- +- +- +- +- +- +- +- +- var_rfg_include_config_regex +- +- +- +- ^/etc/rsyslog.conf$ +- +- +- +- var_rfg_syslog_config +- +- +- +- +- +- object_var_rfg_include_config_regex +- object_var_rfg_syslog_config +- +- +- +- +- +- +- +- +- +- +- +- +- ^[^(\s|#|\$)]+[\s]+.*[\s]+-?(/+[^:;\s]+);*\.*$ +- 1 +- state_groupownership_ignore_include_paths +- +- +- +- +- (?:file="[^\s;]+"|\$IncludeConfig[\s]+[^\s;]+|\/dev\/.*) +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- regular +- {{% if product in ["debian10", "debian11", "ubuntu1604", "ubuntu2004", "ubuntu2204"] %}} +- 4 +- {{% else %}} +- 0 +- {{% endif %}} +- +- +- +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/rule.yml +index 4f797f4a21..13c89d90c5 100644 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/rule.yml ++++ 
b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/rule.yml +@@ -4,15 +4,30 @@ title: 'Ensure Log Files Are Owned By Appropriate Group' + + description: |- + The group-owner of all log files written by +- rsyslog should be {{{ xccdf_value("file_groupowner_logfiles_value") }}}. ++ rsyslog should be ++{{% if 'debian' in product or 'ubuntu' in product %}} ++ adm. ++{{% else %}} ++ root. ++{{% endif %}} + These log files are determined by the second part of each Rule line in + /etc/rsyslog.conf and typically all appear in /var/log. + For each log file LOGFILE referenced in /etc/rsyslog.conf, + run the following command to inspect the file's group owner: +
$ ls -l LOGFILE
+- If the owner is not {{{ xccdf_value("file_groupowner_logfiles_value") }}}, run the following command to ++ If the owner is not ++ {{% if 'debian' in product or 'ubuntu' in product %}} ++ adm, ++ {{% else %}} ++ root, ++ {{% endif %}} ++ run the following command to + correct this: +-
$ sudo chgrp {{{ xccdf_value("file_groupowner_logfiles_value") }}} LOGFILE
++{{% if 'debian' in product or 'ubuntu' in product %}} ++
$ sudo chgrp adm LOGFILE
++{{% else %}} ++
$ sudo chgrp root LOGFILE
++{{% endif %}} + + rationale: |- + The log files generated by rsyslog contain valuable information regarding system +@@ -47,8 +62,24 @@ references: + ocil_clause: 'the group-owner is not correct' + + ocil: |- +- The group-owner of all log files written by rsyslog should be {{{ xccdf_value("file_groupowner_logfiles_value") }}}. ++ The group-owner of all log files written by rsyslog should be ++ {{% if 'debian' in product or 'ubuntu' in product %}} ++ adm. ++ {{% else %}} ++ root. ++ {{% endif %}} + These log files are determined by the second part of each Rule line in + /etc/rsyslog.conf and typically all appear in /var/log. + To see the group-owner of a given log file, run the following command: +
$ ls -l LOGFILE
++ ++template: ++ name: rsyslog_logfiles_attributes_modify ++ vars: ++ attribute: groupowner ++ value: 0 ++ value@debian10: 4 ++ value@debian11: 4 ++ value@ubuntu1604: 4 ++ value@ubuntu2004: 4 ++ value@ubuntu2204: 4 +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_other.fail.sh +deleted file mode 100755 +index 575530ef2e..0000000000 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_other.fail.sh ++++ /dev/null +@@ -1,42 +0,0 @@ +-#!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle +- +-# Check rsyslog.conf with root group-owner log from rules and +-# non root group-owner log from $IncludeConfig fails. +- +-source $SHARED/rsyslog_log_utils.sh +- +-GROUP_TEST=testssg +-groupadd $GROUP_TEST +- +-GROUP_ROOT=root +- +-# setup test data +-create_rsyslog_test_logs 2 +- +-# setup test log files ownership +-chgrp $GROUP_ROOT ${RSYSLOG_TEST_LOGS[0]} +-chgrp $GROUP_TEST ${RSYSLOG_TEST_LOGS[1]} +- +-# create test configuration file +-test_conf=${RSYSLOG_TEST_DIR}/test1.conf +-cat << EOF > ${test_conf} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[1]} +-EOF +- +-# create rsyslog.conf configuration file +-cat << EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +- +-#### MODULES #### +- +-\$IncludeConfig ${test_conf} +-EOF +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_root.pass.sh +deleted file mode 100755 +index 
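Review bot: The new description and OCIL text in rsyslog_files_groupownership/rule.yml print `adm` whenever `'debian' in product or 'ubuntu' in product`, but the `template:` vars at the end of the file override `value` to 4 only for debian10, debian11, ubuntu1604, ubuntu2004 and ubuntu2204. On ubuntu1804, a product whose profiles this patch's diffstat touches, the prose would therefore say adm while the check falls back to `value: 0`. Either add `value@ubuntu1804: 4` or narrow the Jinja condition to the same product list; the deleted OVAL carried the same five-product list, so the gap may be deliberate, but then the text should not claim adm there. The values are numeric GIDs, presumably 0 for root and 4 for adm, which deserves a comment such as `# GID 0 = root, GID 4 = adm on Debian/Ubuntu` next to `value:`. The remediation sentence still begins `If the owner is not`, which should read `If the group-owner is not`.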
39efc1a4b7..0000000000 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_root.pass.sh ++++ /dev/null +@@ -1,39 +0,0 @@ +-#!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle +- +-# Check rsyslog.conf with root group-owner log from rules and +-# root group-owner log from $IncludeConfig passes. +- +-source $SHARED/rsyslog_log_utils.sh +- +-GROUP=root +- +-# setup test data +-create_rsyslog_test_logs 2 +- +-# setup test log files ownership +-chgrp $GROUP ${RSYSLOG_TEST_LOGS[0]} +-chgrp $GROUP ${RSYSLOG_TEST_LOGS[1]} +- +-# create test configuration file +-test_conf=${RSYSLOG_TEST_DIR}/test1.conf +-cat << EOF > ${test_conf} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[1]} +-EOF +- +-# create rsyslog.conf configuration file +-cat << EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +- +-#### MODULES #### +- +-\$IncludeConfig ${test_conf} +-EOF +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_other.fail.sh +deleted file mode 100755 +index c0db7056b4..0000000000 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_other.fail.sh ++++ /dev/null +@@ -1,42 +0,0 @@ +-#!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle +- +-# Check rsyslog.conf with root group-owner log from rules and +-# non root group-owner log from include() fails. 
+- +-source $SHARED/rsyslog_log_utils.sh +- +-GROUP_TEST=testssg +-groupadd $GROUP_TEST +- +-GROUP_ROOT=root +- +-# setup test data +-create_rsyslog_test_logs 2 +- +-# setup test log files ownership +-chgrp $GROUP_ROOT ${RSYSLOG_TEST_LOGS[0]} +-chgrp $GROUP_TEST ${RSYSLOG_TEST_LOGS[1]} +- +-# create test configuration file +-test_conf=${RSYSLOG_TEST_DIR}/test1.conf +-cat << EOF > ${test_conf} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[1]} +-EOF +- +-# create rsyslog.conf configuration file +-cat << EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +- +-#### MODULES #### +- +-include(file="${test_conf}") +-EOF +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root.pass.sh +deleted file mode 100755 +index 1feaf762fc..0000000000 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root.pass.sh ++++ /dev/null +@@ -1,39 +0,0 @@ +-#!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle +- +-# Check rsyslog.conf with root group-owner log from rules and +-# root group-owner log from include() passes. 
+- +-source $SHARED/rsyslog_log_utils.sh +- +-GROUP=root +- +-# setup test data +-create_rsyslog_test_logs 2 +- +-# setup test log files ownership +-chgrp $GROUP ${RSYSLOG_TEST_LOGS[0]} +-chgrp $GROUP ${RSYSLOG_TEST_LOGS[1]} +- +-# create test configuration file +-test_conf=${RSYSLOG_TEST_DIR}/test1.conf +-cat << EOF > ${test_conf} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[1]} +-EOF +- +-# create rsyslog.conf configuration file +-cat << EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +- +-#### MODULES #### +- +-include(file="${test_conf}") +-EOF +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_multiline_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_multiline_is_root.pass.sh +deleted file mode 100755 +index 5a357d029b..0000000000 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_multiline_is_root.pass.sh ++++ /dev/null +@@ -1,41 +0,0 @@ +-#!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle +- +-# Check rsyslog.conf with root group-owner log from rules and +-# root group-owner log from multiline include() passes. 
+- +-source $SHARED/rsyslog_log_utils.sh +- +-GROUP=root +- +-# setup test data +-create_rsyslog_test_logs 2 +- +-# setup test log files ownership +-chgrp $GROUP ${RSYSLOG_TEST_LOGS[0]} +-chgrp $GROUP ${RSYSLOG_TEST_LOGS[1]} +- +-# create test configuration file +-test_conf=${RSYSLOG_TEST_DIR}/test1.conf +-cat << EOF > ${test_conf} +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[1]} +-EOF +- +-# create rsyslog.conf configuration file +-cat << EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +- +-#### MODULES #### +- +-include( +- file="${test_conf}" +-) +-EOF +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_other.fail.sh +deleted file mode 100755 +index c7c01132f2..0000000000 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_other.fail.sh ++++ /dev/null +@@ -1,25 +0,0 @@ +-#!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle +- +-# Check if log file with non root group-owner in rsyslog.conf fails. 
+- +-source $SHARED/rsyslog_log_utils.sh +- +-GROUP=testssg +- +-groupadd $GROUP +- +-# setup test data +-create_rsyslog_test_logs 1 +- +-# setup test log file ownership +-chgrp $GROUP ${RSYSLOG_TEST_LOGS[0]} +- +-# add rule with non-root group owned log file +-cat << EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +-EOF +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_root.pass.sh +deleted file mode 100755 +index 0ecbb35bd1..0000000000 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_root.pass.sh ++++ /dev/null +@@ -1,24 +0,0 @@ +-#!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle +- +-# Check if log file with root group-owner in rsyslog.conf passes. 
+- +-source $SHARED/rsyslog_log_utils.sh +- +-GROUP=root +- +-# setup test data +-create_rsyslog_test_logs 1 +- +-# setup test log file ownership +-chgrp $GROUP ${RSYSLOG_TEST_LOGS[0]} +- +-# add rule with root group owned log file +-cat << EOF > $RSYSLOG_CONF +-# rsyslog configuration file +- +-#### RULES #### +- +-*.* ${RSYSLOG_TEST_LOGS[0]} +- +-EOF +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/oval/shared.xml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/oval/shared.xml +deleted file mode 100644 +index 8e3f68db26..0000000000 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/oval/shared.xml ++++ /dev/null +@@ -1,114 +0,0 @@ +- +- +- {{{ oval_metadata("All syslog log files should be owned by the appropriate user.") }}} +- +- +- +- +- +- +- +- +- +- /etc/rsyslog.conf +- ^(?:include\([\n\s]*file="([^\s;]+)".*|\$IncludeConfig[\s]+([^\s;]+))$ +- 1 +- +- +- +- +- +- +- +- +- +- +- +- +- +- var_rfo_include_config_regex +- +- +- +- ^/etc/rsyslog.conf$ +- +- +- +- var_rfo_syslog_config +- +- +- +- +- +- object_var_rfo_include_config_regex +- object_var_rfo_syslog_config +- +- +- +- +- +- +- +- +- +- +- +- +- ^[^(#|\$)]+[\s]+.*[\s]+-?(/+[^:;\s]+);*\.*$ +- 1 +- state_owner_ignore_include_paths +- +- +- +- +- (?:file="[^\s;]+"|\$IncludeConfig[\s]+[^\s;]+|\/dev\/.*) +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- regular +- +- {{% if product in ["ubuntu2004", "ubuntu2204"] %}} +- 104 +- {{% else %}} +- 0 +- {{% endif %}} +- +- +- +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/rule.yml +index 37c87b07cd..0d9bf40f4b 100644 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/rule.yml ++++ 
b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/rule.yml +@@ -4,15 +4,36 @@ title: 'Ensure Log Files Are Owned By Appropriate User' + + description: |- + The owner of all log files written by +- rsyslog should be {{{ xccdf_value("file_owner_logfiles_value") }}}. ++ rsyslog should be ++ {{% if product in ['ubuntu2204','ubuntu2004'] %}} ++ syslog. ++ {{% elif 'debian' in product or 'ubuntu' in product %}} ++ adm. ++ {{% else %}} ++ root. ++ {{% endif %}} + These log files are determined by the second part of each Rule line in + /etc/rsyslog.conf and typically all appear in /var/log. + For each log file LOGFILE referenced in /etc/rsyslog.conf, + run the following command to inspect the file's owner: +
$ ls -l LOGFILE
+- If the owner is not {{{ xccdf_value("file_owner_logfiles_value") }}}, run the following command to ++ If the owner is not ++ {{% if product in ['ubuntu2204','ubuntu2004'] %}} ++ syslog, ++ {{% elif 'debian' in product or 'ubuntu' in product %}} ++ adm, ++ {{% else %}} ++ root, ++ {{% endif %}} ++ run the following command to + correct this: +-
$ sudo chown {{{ xccdf_value("file_owner_logfiles_value") }}} LOGFILE
++ {{% if product in ['ubuntu2204','ubuntu2004'] %}} ++
$ sudo chown syslog LOGFILE
++ {{% elif 'debian' in product or 'ubuntu' in product %}} ++
$ sudo chown adm LOGFILE
++ {{% else %}} ++
$ sudo chown root LOGFILE
++ {{% endif %}} + + rationale: |- + The log files generated by rsyslog contain valuable information regarding system +@@ -47,8 +68,23 @@ references: + ocil_clause: 'the owner is not correct' + + ocil: |- +- The owner of all log files written by rsyslog should be {{{ xccdf_value("file_owner_logfiles_value") }}}. ++ The owner of all log files written by rsyslog should be ++ {{% if product in ['ubuntu2204','ubuntu2004'] %}} ++ syslog. ++ {{% elif 'debian' in product or 'ubuntu' in product %}} ++ adm. ++ {{% else %}} ++ root. ++ {{% endif %}} + These log files are determined by the second part of each Rule line in + /etc/rsyslog.conf and typically all appear in /var/log. + To see the owner of a given log file, run the following command: +
$ ls -l LOGFILE
++ ++template: ++ name: rsyslog_logfiles_attributes_modify ++ vars: ++ attribute: owner ++ value: 0 ++ value@ubuntu2004: 104 ++ value@ubuntu2204: 104 +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/ansible/shared.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/ansible/shared.yml +new file mode 100644 +index 0000000000..041e263155 +--- /dev/null ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/ansible/shared.yml +@@ -0,0 +1,12 @@ ++# platform = multi_platform_sle ++# reboot = false ++# strategy = restrict ++# complexity = low ++# disruption = low ++ ++- name: "Set rsyslog remote loghost" ++ lineinfile: ++ dest: /etc/rsyslog.conf ++ regexp: "^\\*\\.\\*" ++ line: "*.* /var/log/messages" ++ create: yes +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/bash/shared.sh +new file mode 100644 +index 0000000000..d634610225 +--- /dev/null ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/bash/shared.sh +@@ -0,0 +1,7 @@ ++# platform = multi_platform_sle ++# reboot = false ++# strategy = restrict ++# complexity = low ++# disruption = low ++ ++{{{ bash_replace_or_append('/etc/rsyslog.conf', '^\*\.\*', "/var/log/messages", '%s %s') }}} +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/oval/shared.xml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/oval/shared.xml +new file mode 100644 +index 0000000000..89e1e7616e +--- /dev/null ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/oval/shared.xml +@@ -0,0 +1,41 @@ ++ ++ ++ {{{ 
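Review bot: The owner named in the rule text and the owner enforced by the new `template:` block disagree for Debian and older Ubuntu products. The `description` hunk and this `ocil` hunk print `adm` for any product containing 'debian' or 'ubuntu', while `vars` sets `value: 0` and overrides it only for `ubuntu2004` and `ubuntu2204`. On those products a log file owned by adm, as the text instructs, would presumably fail the check, so either add per-product overrides (as the groupownership rule does with `value@debian10`) or make the text say root there. The `104` override is also a fixed UID standing in for the `syslog` account the text names; if that UID is assigned at package install time it can differ between hosts, which deserves a comment next to `value@ubuntu2004: 104`.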
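Review bot: The `lineinfile` task rewrites a line matching `^\*\.\*` whatever its action is, so an existing catch-all rule that does something else, such as forwarding to a remote host, can be replaced by the local `/var/log/messages` rule instead of being kept beside it. The same pattern is passed to `bash_replace_or_append` in `bash/shared.sh`. Anchoring the pattern to the intended action, for example `regexp: "^\\*\\.\\*\\s+/var/log/messages"`, would leave other `*.*` rules intact. The task name `Set rsyslog remote loghost` also describes a different remediation and should say that it configures local logging to /var/log/messages.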
oval_metadata("Syslog logs should be configured") }}} ++ ++ ++ {{% if product in ["debian10", "debian11", "ubuntu1604", "ubuntu1804"] %}} ++ ++ {{% endif %}} ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ /etc/rsyslog.conf ++ ^[^(\s|#|\$)]+[\s]+.*[\s]+(\:\w+\:\S*|-?(\/+[^:;\s]+);*\.*)$ ++ 1 ++ ++ ++ ++ /etc/rsyslog.d ++ ^.+\.conf$ ++ ^[^(\s|#|\$)]+[\s]+.*[\s]+(\:\w+\:\S*|-?(\/+[^:;\s]+);*\.*)$ ++ 1 ++ ++ ++ +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/rule.yml +new file mode 100644 +index 0000000000..f9477de9e9 +--- /dev/null ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/rule.yml +@@ -0,0 +1,34 @@ ++documentation_complete: true ++ ++title: 'Ensure logging is configured' ++ ++description: |- ++ The /etc/rsyslog.conf and /etc/rsyslog.d/*.conf files ++ specifies rules for logging and which files are to be used to log certain ++ classes of messages. ++ ++rationale: |- ++ A great deal of important security-related information is sent via ++ rsyslog (e.g., successful and failed su attempts, failed login attempts, ++ root login attempts, etc.). ++ ++severity: medium ++ ++identifiers: ++ cce@sle12: CCE-92379-7 ++ cce@sle15: CCE-92497-7 ++ ++references: ++ cis@sle12: 4.2.1.4 ++ cis@sle15: 4.2.1.4 ++ ++ocil_clause: 'no logging is configured' ++ ++ocil: |- ++ Review the contents of the /etc/rsyslog.conf and /etc/rsyslog.d/*.conf ++ files to ensure appropriate logging is set. In addition, run the following command: ++
ls -l /var/log/
++ and verify that the log files are logging information ++ ++fixtext: |- ++ Configure logging with selectors covering each priority +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/tests/rsyslog_file_with_everything_logged_to_messages.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/tests/rsyslog_file_with_everything_logged_to_messages.pass.sh +new file mode 100644 +index 0000000000..a4fb1cf07a +--- /dev/null ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/tests/rsyslog_file_with_everything_logged_to_messages.pass.sh +@@ -0,0 +1,13 @@ ++#!/bin/bash ++# platform = multi_platform_sle ++ ++# Check rsyslog.conf with no includes and all loggging facility/priority configured to go to /var/log/messages ++ ++source $SHARED/rsyslog_log_utils.sh ++cat << EOF > ${RSYSLOG_CONF} ++# rsyslog configuration file ++ ++#### RULES #### ++ ++*.* /var/log/messages ++EOF +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/tests/rsyslog_file_with_no_logging.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/tests/rsyslog_file_with_no_logging.fail.sh +new file mode 100644 +index 0000000000..158cf4c98d +--- /dev/null ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/tests/rsyslog_file_with_no_logging.fail.sh +@@ -0,0 +1,12 @@ ++#!/bin/bash ++# platform = multi_platform_sle ++ ++# Check rsyslog.conf with no includes and no loggging facility/priority configured ++ ++source $SHARED/rsyslog_log_utils.sh ++cat << EOF > ${RSYSLOG_CONF} ++# rsyslog configuration file ++ ++#### RULES #### ++ ++EOF +diff --git a/products/debian10/profiles/anssi_np_nt28_average.profile b/products/debian10/profiles/anssi_np_nt28_average.profile +index 600f1a6f71..4c42814719 100644 +--- 
a/products/debian10/profiles/anssi_np_nt28_average.profile ++++ b/products/debian10/profiles/anssi_np_nt28_average.profile +@@ -22,9 +22,7 @@ selections: + - sshd_allow_only_protocol2 + - var_sshd_set_keepalive=0 + - sshd_set_keepalive_0 +- - file_owner_logfiles_value=adm + - rsyslog_files_ownership +- - file_groupowner_logfiles_value=adm + - rsyslog_files_groupownership + - rsyslog_files_permissions + - "!rsyslog_remote_loghost" +diff --git a/products/debian10/profiles/standard.profile b/products/debian10/profiles/standard.profile +index 3784182fa1..446f5aca1d 100644 +--- a/products/debian10/profiles/standard.profile ++++ b/products/debian10/profiles/standard.profile +@@ -33,9 +33,7 @@ selections: + - sshd_allow_only_protocol2 + - var_sshd_set_keepalive=0 + - sshd_set_keepalive_0 +- - file_owner_logfiles_value=adm + - rsyslog_files_ownership +- - file_groupowner_logfiles_value=adm + - rsyslog_files_groupownership + - rsyslog_files_permissions + - "!rsyslog_remote_loghost" +diff --git a/products/debian11/profiles/anssi_np_nt28_average.profile b/products/debian11/profiles/anssi_np_nt28_average.profile +index 600f1a6f71..4c42814719 100644 +--- a/products/debian11/profiles/anssi_np_nt28_average.profile ++++ b/products/debian11/profiles/anssi_np_nt28_average.profile +@@ -22,9 +22,7 @@ selections: + - sshd_allow_only_protocol2 + - var_sshd_set_keepalive=0 + - sshd_set_keepalive_0 +- - file_owner_logfiles_value=adm + - rsyslog_files_ownership +- - file_groupowner_logfiles_value=adm + - rsyslog_files_groupownership + - rsyslog_files_permissions + - "!rsyslog_remote_loghost" +diff --git a/products/debian11/profiles/standard.profile b/products/debian11/profiles/standard.profile +index e1b2c718df..c21f8d592b 100644 +--- a/products/debian11/profiles/standard.profile ++++ b/products/debian11/profiles/standard.profile +@@ -33,9 +33,7 @@ selections: + - sshd_allow_only_protocol2 + - var_sshd_set_keepalive=0 + - sshd_set_keepalive_0 +- - file_owner_logfiles_value=adm + - 
rsyslog_files_ownership +- - file_groupowner_logfiles_value=adm + - rsyslog_files_groupownership + - rsyslog_files_permissions + - "!rsyslog_remote_loghost" +diff --git a/products/rhel7/profiles/rht-ccp.profile b/products/rhel7/profiles/rht-ccp.profile +index 12a3a25013..a246d5a094 100644 +--- a/products/rhel7/profiles/rht-ccp.profile ++++ b/products/rhel7/profiles/rht-ccp.profile +@@ -11,8 +11,6 @@ description: |- + selections: + - var_selinux_state=enforcing + - var_selinux_policy_name=targeted +- - file_owner_logfiles_value=root +- - file_groupowner_logfiles_value=root + - sshd_idle_timeout_value=5_minutes + - var_accounts_minimum_age_login_defs=7 + - var_accounts_passwords_pam_faillock_deny=5 +diff --git a/products/rhel8/profiles/rht-ccp.profile b/products/rhel8/profiles/rht-ccp.profile +index b192461f95..6856951bff 100644 +--- a/products/rhel8/profiles/rht-ccp.profile ++++ b/products/rhel8/profiles/rht-ccp.profile +@@ -11,8 +11,6 @@ description: |- + selections: + - var_selinux_state=enforcing + - var_selinux_policy_name=targeted +- - file_owner_logfiles_value=root +- - file_groupowner_logfiles_value=root + - sshd_idle_timeout_value=5_minutes + - var_logind_session_timeout=5_minutes + - var_accounts_minimum_age_login_defs=7 +diff --git a/products/sle12/profiles/anssi_bp28_intermediary.profile b/products/sle12/profiles/anssi_bp28_intermediary.profile +index 24a98fd824..22498b6b6f 100644 +--- a/products/sle12/profiles/anssi_bp28_intermediary.profile ++++ b/products/sle12/profiles/anssi_bp28_intermediary.profile +@@ -23,3 +23,4 @@ description: |- + + selections: + - anssi:all:intermediary ++ +diff --git a/products/sle15/profiles/standard.profile b/products/sle15/profiles/standard.profile +index 204804c2ee..1af0a865ef 100644 +--- a/products/sle15/profiles/standard.profile ++++ b/products/sle15/profiles/standard.profile +@@ -29,9 +29,7 @@ selections: + - service_cron_enabled + - service_ntp_enabled + - service_rsyslog_enabled +- - file_owner_logfiles_value=adm + - 
rsyslog_files_ownership +- - file_groupowner_logfiles_value=adm + - rsyslog_files_groupownership + - rsyslog_files_permissions + - ensure_logrotate_activated +diff --git a/products/ubuntu1604/profiles/anssi_np_nt28_average.profile b/products/ubuntu1604/profiles/anssi_np_nt28_average.profile +index 600f1a6f71..4c42814719 100644 +--- a/products/ubuntu1604/profiles/anssi_np_nt28_average.profile ++++ b/products/ubuntu1604/profiles/anssi_np_nt28_average.profile +@@ -22,9 +22,7 @@ selections: + - sshd_allow_only_protocol2 + - var_sshd_set_keepalive=0 + - sshd_set_keepalive_0 +- - file_owner_logfiles_value=adm + - rsyslog_files_ownership +- - file_groupowner_logfiles_value=adm + - rsyslog_files_groupownership + - rsyslog_files_permissions + - "!rsyslog_remote_loghost" +diff --git a/products/ubuntu1604/profiles/standard.profile b/products/ubuntu1604/profiles/standard.profile +index 6fd70f0da6..93001f3bfe 100644 +--- a/products/ubuntu1604/profiles/standard.profile ++++ b/products/ubuntu1604/profiles/standard.profile +@@ -34,9 +34,7 @@ selections: + - sshd_allow_only_protocol2 + - var_sshd_set_keepalive=0 + - sshd_set_keepalive_0 +- - file_owner_logfiles_value=adm + - rsyslog_files_ownership +- - file_groupowner_logfiles_value=adm + - rsyslog_files_groupownership + - rsyslog_files_permissions + - "!rsyslog_remote_loghost" +diff --git a/products/ubuntu1804/profiles/anssi_np_nt28_average.profile b/products/ubuntu1804/profiles/anssi_np_nt28_average.profile +index 600f1a6f71..4c42814719 100644 +--- a/products/ubuntu1804/profiles/anssi_np_nt28_average.profile ++++ b/products/ubuntu1804/profiles/anssi_np_nt28_average.profile +@@ -22,9 +22,7 @@ selections: + - sshd_allow_only_protocol2 + - var_sshd_set_keepalive=0 + - sshd_set_keepalive_0 +- - file_owner_logfiles_value=adm + - rsyslog_files_ownership +- - file_groupowner_logfiles_value=adm + - rsyslog_files_groupownership + - rsyslog_files_permissions + - "!rsyslog_remote_loghost" +diff --git 
a/products/ubuntu1804/profiles/standard.profile b/products/ubuntu1804/profiles/standard.profile +index d587d499d8..a17117818e 100644 +--- a/products/ubuntu1804/profiles/standard.profile ++++ b/products/ubuntu1804/profiles/standard.profile +@@ -32,9 +32,7 @@ selections: + - sshd_allow_only_protocol2 + - var_sshd_set_keepalive=0 + - sshd_set_keepalive_0 +- - file_owner_logfiles_value=adm + - rsyslog_files_ownership +- - file_groupowner_logfiles_value=adm + - rsyslog_files_groupownership + - rsyslog_files_permissions + - "!rsyslog_remote_loghost" +diff --git a/products/ubuntu2004/profiles/standard.profile b/products/ubuntu2004/profiles/standard.profile +index 823a69a5d9..6ed27aa16d 100644 +--- a/products/ubuntu2004/profiles/standard.profile ++++ b/products/ubuntu2004/profiles/standard.profile +@@ -31,9 +31,7 @@ selections: + - sshd_disable_empty_passwords + - var_sshd_set_keepalive=0 + - sshd_set_keepalive +- - file_owner_logfiles_value=syslog + - rsyslog_files_ownership +- - file_groupowner_logfiles_value=adm + - rsyslog_files_groupownership + - rsyslog_files_permissions + - "!rsyslog_remote_loghost" +diff --git a/products/ubuntu2204/profiles/standard.profile b/products/ubuntu2204/profiles/standard.profile +index c8bc5369c9..1bb9f43e7d 100644 +--- a/products/ubuntu2204/profiles/standard.profile ++++ b/products/ubuntu2204/profiles/standard.profile +@@ -31,9 +31,7 @@ selections: + - sshd_disable_empty_passwords + - var_sshd_set_keepalive=0 + - sshd_set_keepalive +- - file_owner_logfiles_value=syslog + - rsyslog_files_ownership +- - file_groupowner_logfiles_value=adm + - rsyslog_files_groupownership + - rsyslog_files_permissions + - "!rsyslog_remote_loghost" +diff --git a/shared/references/cce-sle12-avail.txt b/shared/references/cce-sle12-avail.txt +index c119834759..4e0a76f8de 100644 +--- a/shared/references/cce-sle12-avail.txt ++++ b/shared/references/cce-sle12-avail.txt +@@ -54,7 +54,6 @@ CCE-92375-5 + CCE-92376-3 + CCE-92377-1 + CCE-92378-9 +-CCE-92379-7 + 
CCE-92380-5 + CCE-92381-3 + CCE-92382-1 +diff --git a/shared/references/cce-sle15-avail.txt b/shared/references/cce-sle15-avail.txt +index d04c40d31f..e39dae033e 100644 +--- a/shared/references/cce-sle15-avail.txt ++++ b/shared/references/cce-sle15-avail.txt +@@ -17,7 +17,6 @@ CCE-92492-8 + CCE-92493-6 + CCE-92495-1 + CCE-92496-9 +-CCE-92497-7 + CCE-92498-5 + CCE-92499-3 + CCE-92500-8 +diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/ansible.template b/shared/templates/rsyslog_logfiles_attributes_modify/ansible.template +new file mode 100644 +index 0000000000..fc9e8844b6 +--- /dev/null ++++ b/shared/templates/rsyslog_logfiles_attributes_modify/ansible.template +@@ -0,0 +1,68 @@ ++# platform = multi_platform_all ++# reboot = false ++# strategy = configure ++# complexity = low ++# disruption = medium ++ ++- name: '{{{ rule_title }}} - Set rsyslog logfile configuration facts' ++ ansible.builtin.set_fact: ++ rsyslog_etc_config: "/etc/rsyslog.conf" ++ ++# * And also the log file paths listed after rsyslog's $IncludeConfig directive ++# (store the result into array for the case there's shell glob used as value of IncludeConfig) ++- name: '{{{ rule_title }}} - Get IncludeConfig directive' ++ ansible.builtin.shell: | ++ set -o pipefail ++ grep -e '$IncludeConfig' {{ rsyslog_etc_config }} | cut -d ' ' -f 2 || true ++ register: rsyslog_old_inc ++ changed_when: False ++ ++- name: '{{{ rule_title }}} - Get include files directives' ++ ansible.builtin.shell: | ++ set -o pipefail ++ grep -oP '^\s*include\s*\(\s*file.*' {{ rsyslog_etc_config }} |cut -d"\"" -f 2 || true ++ register: rsyslog_new_inc ++ changed_when: False ++ ++- name: '{{{ rule_title }}} - Aggregate rsyslog includes' ++ ansible.builtin.set_fact: ++ include_config_output: "{{ rsyslog_old_inc.stdout_lines + rsyslog_new_inc.stdout_lines }}" ++ ++- name: '{{{ rule_title }}} - List all config files' ++ ansible.builtin.find: ++ paths: "{{ include_config_output | list | map('dirname') }}" ++ patterns: "{{ 
include_config_output | list | map('basename') }}" ++ hidden: no ++ follow: yes ++ register: rsyslog_config_files ++ failed_when: False ++ changed_when: False ++ ++- name: '{{{ rule_title }}} - Extract log files old format' ++ ansible.builtin.shell: | ++ set -o pipefail ++ grep -oP '^[^(\s|#|\$)]+[\s]+.*[\s]+-?(/+[^:;\s]+);*\.*$' {{ item }} |awk '{print $NF}'|sed -e 's/^-//' || true ++ loop: "{{ rsyslog_config_files.files|map(attribute='path')|list|flatten|unique + [ rsyslog_etc_config ] }}" ++ register: log_files_old ++ changed_when: False ++ ++- name: '{{{ rule_title }}} - Extract log files new format' ++ ansible.builtin.shell: | ++ set -o pipefail ++ grep -ozP "action\s*\(\s*type\s*=\s*\"omfile\"[^\)]*\)" {{ item }} | grep -aoP "File\s*=\s*\"([/[:alnum:][:punct:]]*)\"\s*\)"|grep -oE "\"([/[:alnum:][:punct:]]*)\"" |tr -d "\""|| true ++ loop: "{{ rsyslog_config_files.files|map(attribute='path')|list|flatten|unique + [ rsyslog_etc_config ] }}" ++ register: log_files_new ++ changed_when: False ++ ++- name: '{{{ rule_title }}} - Sum all log files found' ++ ansible.builtin.set_fact: ++ log_files: "{{ log_files_new.results|map(attribute='stdout_lines')|list|flatten|unique + log_files_old.results|map(attribute='stdout_lines')|list|flatten|unique }}" ++ ++- name: '{{{ rule_title }}} -Setup log files attribute' ++ ansible.builtin.file: ++ path: "{{ item }}" ++ owner: '{{ ( "{{{ ATTRIBUTE }}}" is match("owner")) | ternary({{{ VALUE }}}, omit) }}' ++ group: '{{ ( "{{{ ATTRIBUTE }}}" is match("groupowner")) | ternary({{{ VALUE }}} , omit) }}' ++ state: file ++ loop: "{{ log_files | list | flatten | unique }}" ++ failed_when: false +diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/bash.template b/shared/templates/rsyslog_logfiles_attributes_modify/bash.template +new file mode 100644 +index 0000000000..ab4a563dc5 +--- /dev/null ++++ b/shared/templates/rsyslog_logfiles_attributes_modify/bash.template +@@ -0,0 +1,110 @@ ++# platform = multi_platform_all ++ ++# 
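Review bot: The shell tasks `Extract log files old format` and `Extract log files new format` interpolate `{{ item }}` into the command line unquoted, so a config path containing whitespace or shell metacharacters is re-parsed by the shell in a remediation that normally runs with privilege. Using `{{ item | quote }}` avoids that, and the same applies to `{{ rsyslog_etc_config }}` in the two include tasks. Separately, the final `Setup log files attribute` task sets `failed_when: false`, so a failed ownership change is reported as success. If that is only meant to tolerate log files that do not exist yet, a comment saying so, or a preceding `stat` with a `when:` condition, would keep real failures visible.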
List of log file paths to be inspected for correct permissions ++# * Primarily inspect log file paths listed in /etc/rsyslog.conf ++RSYSLOG_ETC_CONFIG="/etc/rsyslog.conf" ++# * And also the log file paths listed after rsyslog's $IncludeConfig directive ++# (store the result into array for the case there's shell glob used as value of IncludeConfig) ++readarray -t OLD_INC < <(grep -e "\$IncludeConfig[[:space:]]\+[^[:space:];]\+" /etc/rsyslog.conf | cut -d ' ' -f 2) ++readarray -t RSYSLOG_INCLUDE_CONFIG < <(for INCPATH in "${OLD_INC[@]}"; do eval printf '%s\\n' "${INCPATH}"; done) ++readarray -t NEW_INC < <(awk '/)/{f=0} /include\(/{f=1} f{nf=gensub("^(include\\(|\\s*)file=\"(\\S+)\".*","\\2",1); if($0!=nf){print nf}}' /etc/rsyslog.conf) ++readarray -t RSYSLOG_INCLUDE < <(for INCPATH in "${NEW_INC[@]}"; do eval printf '%s\\n' "${INCPATH}"; done) ++ ++# Declare an array to hold the final list of different log file paths ++declare -a LOG_FILE_PATHS ++ ++# Array to hold all rsyslog config entries ++RSYSLOG_CONFIGS=() ++RSYSLOG_CONFIGS=("${RSYSLOG_ETC_CONFIG}" "${RSYSLOG_INCLUDE_CONFIG[@]}" "${RSYSLOG_INCLUDE[@]}") ++ ++# Get full list of files to be checked ++# RSYSLOG_CONFIGS may contain globs such as ++# /etc/rsyslog.d/*.conf /etc/rsyslog.d/*.frule ++# So, loop over the entries in RSYSLOG_CONFIGS and use find to get the list of included files. ++RSYSLOG_CONFIG_FILES=() ++for ENTRY in "${RSYSLOG_CONFIGS[@]}" ++do ++ # If directory, rsyslog will search for config files in recursively. ++ # However, files in hidden sub-directories or hidden files will be ignored. 
++ if [ -d "${ENTRY}" ] ++ then ++ readarray -t FINDOUT < <(find "${ENTRY}" -not -path '*/.*' -type f) ++ RSYSLOG_CONFIG_FILES+=("${FINDOUT[@]}") ++ elif [ -f "${ENTRY}" ] ++ then ++ RSYSLOG_CONFIG_FILES+=("${ENTRY}") ++ else ++ echo "Invalid include object: ${ENTRY}" ++ fi ++done ++ ++# Browse each file selected above as containing paths of log files ++# ('/etc/rsyslog.conf' and '/etc/rsyslog.d/*.conf' in the default configuration) ++for LOG_FILE in "${RSYSLOG_CONFIG_FILES[@]}" ++do ++ # From each of these files extract just particular log file path(s), thus: ++ # * Ignore lines starting with space (' '), comment ('#"), or variable syntax ('$') characters, ++ # * Ignore empty lines, ++ # * Strip quotes and closing brackets from paths. ++ # * Ignore paths that match /dev|/etc.*\.conf, as those are paths, but likely not log files ++ # * From the remaining valid rows select only fields constituting a log file path ++ # Text file column is understood to represent a log file path if and only if all of the following are met: ++ # * it contains at least one slash '/' character, ++ # * it is preceded by space ++ # * it doesn't contain space (' '), colon (':'), and semicolon (';') characters ++ # Search log file for path(s) only in case it exists! 
++ if [[ -f "${LOG_FILE}" ]] ++ then ++ NORMALIZED_CONFIG_FILE_LINES=$(sed -e "/^[#|$]/d" "${LOG_FILE}") ++ LINES_WITH_PATHS=$(grep '[^/]*\s\+\S*/\S\+$' <<< "${NORMALIZED_CONFIG_FILE_LINES}") ++ FILTERED_PATHS=$(awk '{if(NF>=2&&($NF~/^\//||$NF~/^-\//)){sub(/^-\//,"/",$NF);print $NF}}' <<< "${LINES_WITH_PATHS}") ++ CLEANED_PATHS=$(sed -e "s/[\"')]//g; /\\/etc.*\.conf/d; /\\/dev\\//d" <<< "${FILTERED_PATHS}") ++ MATCHED_ITEMS=$(sed -e "/^$/d" <<< "${CLEANED_PATHS}") ++ # Since above sed command might return more than one item (delimited by newline), split the particular ++ # matches entries into new array specific for this log file ++ readarray -t ARRAY_FOR_LOG_FILE <<< "$MATCHED_ITEMS" ++ # Concatenate the two arrays - previous content of $LOG_FILE_PATHS array with ++ # items from newly created array for this log file ++ LOG_FILE_PATHS+=("${ARRAY_FOR_LOG_FILE[@]}") ++ # Delete the temporary array ++ unset ARRAY_FOR_LOG_FILE ++ fi ++done ++ ++# Check for RainerScript action log format which might be also multiline so grep regex is a bit curly ++# extract possibly multiline action omfile expressions ++# extract File="logfile" expression ++# match only "logfile" expression ++for LOG_FILE in "${RSYSLOG_CONFIG_FILES[@]}" ++do ++ ACTION_OMFILE_LINES=$(grep -ozP "action\s*\(\s*type\s*=\s*\"omfile\"[^\)]*\)" "${LOG_FILE}") ++ OMFILE_LINES=$(echo "${ACTION_OMFILE_LINES}"| grep -aoP "File\s*=\s*\"([/[:alnum:][:punct:]]*)\"\s*\)") ++ LOG_FILE_PATHS+=("$(echo "${OMFILE_LINES}"| grep -oE "\"([/[:alnum:][:punct:]]*)\""|tr -d "\"")") ++done ++ ++FILE_PARAM="{{{ ATTRIBUTE }}}" ++FILE_CMD="" ++case "$FILE_PARAM" in ++ "groupowner") ++ FILE_CMD=$(which chgrp) ++ ;; ++ "owner") ++ FILE_CMD=$(which chown) ++ ;; ++ *) ++ echo -n "Not supported file attribute! 
" ++ exit 1 ++ ;; ++esac ++ ++# Correct the form o ++for LOG_FILE_PATH in "${LOG_FILE_PATHS[@]}" ++do ++ # Sanity check - if particular $LOG_FILE_PATH is empty string, skip it from further processing ++ if [ -z "$LOG_FILE_PATH" ] ++ then ++ continue ++ fi ++ ++ $FILE_CMD "+{{{ VALUE }}}" "$LOG_FILE_PATH" ++done +diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/oval.template b/shared/templates/rsyslog_logfiles_attributes_modify/oval.template +new file mode 100644 +index 0000000000..4f288df1c9 +--- /dev/null ++++ b/shared/templates/rsyslog_logfiles_attributes_modify/oval.template +@@ -0,0 +1,137 @@ ++ ++ ++ {{{ oval_metadata("All syslog log files should have appropriate ownership.") }}} ++ ++ {{% if product in ["debian10", "debian11", "ubuntu1604"] %}} ++ ++ {{% endif %}} ++ ++ ++ ++ ++ ++ ++ ++ ++ /etc/rsyslog.conf ++ ^(?:include\([\n\s]*file="([^\s;]+)".*|\$IncludeConfig[\s]+([^\s;]+))$ ++ 1 ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ var_{{{ _RULE_ID }}}_include_config_regex ++ ++ ++ ++ ^/etc/rsyslog.conf$ ++ ++ ++ ++ var_{{{ _RULE_ID }}}_syslog_config ++ ++ ++ ++ ++ ++ object_var_{{{ _RULE_ID }}}_include_config_regex ++ object_var_{{{ _RULE_ID }}}_syslog_config ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ^\s*[^(\s|#|\$)]+\s+-?[\w\(="\s]*(\/[^:;\s"]+)+.*$ ++ 1 ++ state_{{{ _RULE_ID }}}_ownership_ignore_include_paths ++ ++ ++ ++ ++ (?:file="[^\s;]+"|\$IncludeConfig[\s]+[^\s;]+|\/dev\/.*) ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ regular ++ {{% if ATTRIBUTE == "groupowner" %}} ++ {{{ VALUE }}} ++ {{% else %}} ++ {{{ VALUE }}} ++ {{% endif %}} ++ ++ ++ +diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/template.yml b/shared/templates/rsyslog_logfiles_attributes_modify/template.yml +new file mode 100644 +index 0000000000..b57de6fbb6 +--- /dev/null ++++ b/shared/templates/rsyslog_logfiles_attributes_modify/template.yml +@@ -0,0 +1,4 @@ ++supported_languages: ++ - ansible ++ - bash ++ - oval +diff --git 
a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_other.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/IncludeConfig_is_other.fail.sh
+similarity index 75%
+rename from linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_other.fail.sh
+rename to shared/templates/rsyslog_logfiles_attributes_modify/tests/IncludeConfig_is_other.fail.sh
+index 6c82a1942f..db7e5261eb 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_other.fail.sh
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/IncludeConfig_is_other.fail.sh
+@@ -6,8 +6,16 @@
+
+ source $SHARED/rsyslog_log_utils.sh
+
++{{% if ATTRIBUTE == "owner" %}}
++ADDCOMMAND="useradd"
++CHATTR="chown"
++{{% else %}}
++ADDCOMMAND="groupadd"
++CHATTR="chgrp"
++{{% endif %}}
++
+ USER_TEST=testssg
+-useradd $USER_TEST
++$ADDCOMMAND $USER_TEST
+
+ USER_ROOT=root
+
+@@ -15,8 +23,8 @@ USER_ROOT=root
+ create_rsyslog_test_logs 2
+
+ # setup test log files ownership
+-chown $USER_ROOT ${RSYSLOG_TEST_LOGS[0]}
+-chown $USER_TEST ${RSYSLOG_TEST_LOGS[1]}
++$CHATTR $USER_ROOT ${RSYSLOG_TEST_LOGS[0]}
++$CHATTR $USER_TEST ${RSYSLOG_TEST_LOGS[1]}
+
+ # create test configuration file
+ test_conf=${RSYSLOG_TEST_DIR}/test1.conf
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_root.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/IncludeConfig_is_root.pass.sh
+similarity index 81%
+rename from linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_root.pass.sh
+rename to shared/templates/rsyslog_logfiles_attributes_modify/tests/IncludeConfig_is_root.pass.sh
+index b24e5e1699..b03268fe3e 100755
+---
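Review bot: The `{{% else %}}` branch in the added template block of IncludeConfig_is_other.fail.sh selects `groupadd`/`chgrp` for every ATTRIBUTE value other than "owner", whereas the bash remediation in this same patch accepts only "owner" and "groupowner" and exits with an error otherwise. Naming the second case, `{{% elif ATTRIBUTE == "groupowner" %}}`, would keep the test from silently exercising group ownership if the template is later instantiated with another attribute; for a compliance check that would mean a passing scenario that verified the wrong property. The same block is repeated in the other test scripts of this patch (the include_*, is_other and is_root variants). A one-line comment that `USER_TEST` and `USER_ROOT` hold group names in the group-owner case would also help readers.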
a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_root.pass.sh
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/IncludeConfig_is_root.pass.sh
+@@ -6,14 +6,20 @@
+
+ source $SHARED/rsyslog_log_utils.sh
+
++{{% if ATTRIBUTE == "owner" %}}
++CHATTR="chown"
++{{% else %}}
++CHATTR="chgrp"
++{{% endif %}}
++
+ USER=root
+
+ # setup test data
+ create_rsyslog_test_logs 2
+
+ # setup test log files ownership
+-chown $USER ${RSYSLOG_TEST_LOGS[0]}
+-chown $USER ${RSYSLOG_TEST_LOGS[1]}
++$CHATTR $USER ${RSYSLOG_TEST_LOGS[0]}
++$CHATTR $USER ${RSYSLOG_TEST_LOGS[1]}
+
+ # create test configuration file
+ test_conf=${RSYSLOG_TEST_DIR}/test1.conf
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_other.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_other.fail.sh
+similarity index 75%
+rename from linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_other.fail.sh
+rename to shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_other.fail.sh
+index 18f43c6927..d79ae23cfc 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_other.fail.sh
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_other.fail.sh
+@@ -6,8 +6,16 @@
+
+ source $SHARED/rsyslog_log_utils.sh
+
++{{% if ATTRIBUTE == "owner" %}}
++ADDCOMMAND="useradd"
++CHATTR="chown"
++{{% else %}}
++ADDCOMMAND="groupadd"
++CHATTR="chgrp"
++{{% endif %}}
++
+ USER_TEST=testssg
+-useradd $USER_TEST
++$ADDCOMMAND $USER_TEST
+
+ USER_ROOT=root
+
+@@ -15,8 +23,8 @@ USER_ROOT=root
+ create_rsyslog_test_logs 2
+
+ # setup test log files ownership
+-chown $USER_ROOT ${RSYSLOG_TEST_LOGS[0]}
+-chown $USER_TEST ${RSYSLOG_TEST_LOGS[1]}
++$CHATTR $USER_ROOT ${RSYSLOG_TEST_LOGS[0]}
++$CHATTR
$USER_TEST ${RSYSLOG_TEST_LOGS[1]}
+
+ # create test configuration file
+ test_conf=${RSYSLOG_TEST_DIR}/test1.conf
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_root.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_other_IncludeConfig_is_other_RainerLogClause.fail.sh
+old mode 100755
+new mode 100644
+similarity index 50%
+rename from linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_root.pass.sh
+rename to shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_other_IncludeConfig_is_other_RainerLogClause.fail.sh
+index 05dd50ed24..7869a180a8
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_root.pass.sh
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_other_IncludeConfig_is_other_RainerLogClause.fail.sh
+@@ -1,20 +1,31 @@
+ #!/bin/bash
+ # platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
+
+-# Check rsyslog.conf with root group-owner log from rules and
+-# root group-owner log from include() passes.
++# Check rsyslog.conf with root user log from rules and
++# root user log from include() passes.
+
+ source $SHARED/rsyslog_log_utils.sh
+
+-GROUP=root
++{{% if ATTRIBUTE == "owner" %}}
++ADDCOMMAND="useradd"
++CHATTR="chown"
++{{% else %}}
++ADDCOMMAND="groupadd"
++CHATTR="chgrp"
++{{% endif %}}
++
++USER_TEST=testssg
++$ADDCOMMAND $USER_TEST
++
++USER=root
+
+ # setup test data
+ create_rsyslog_test_logs 3
+
+ # setup test log files ownership
+-chgrp $GROUP ${RSYSLOG_TEST_LOGS[0]}
+-chgrp $GROUP ${RSYSLOG_TEST_LOGS[1]}
+-chgrp $GROUP ${RSYSLOG_TEST_LOGS[2]}
++$CHATTR $USER_TEST ${RSYSLOG_TEST_LOGS[0]}
++$CHATTR $USER_TEST ${RSYSLOG_TEST_LOGS[1]}
++$CHATTR $USER_TEST ${RSYSLOG_TEST_LOGS[2]}
+
+ # create test configuration file
+ test_conf=${RSYSLOG_TEST_DIR}/test1.conf
+@@ -28,13 +39,25 @@ EOF
+
+ # create test2 configuration file
+ test_conf2=${RSYSLOG_TEST_DIR}/test2.conf
++{{% if ATTRIBUTE == "owner" %}}
++cat << EOF > ${test_conf2}
++# rsyslog configuration file
++
++#### RULES ####
++
++
++*.* action(type="omfile" FileCreateMode="0640" fileOwner="$USER_TEST" fileGroup="root" File="${RSYSLOG_TEST_LOGS[2]}")
++EOF
++{{% else %}}
+ cat << EOF > ${test_conf2}
+ # rsyslog configuration file
+
+ #### RULES ####
+
+-*.* ${RSYSLOG_TEST_LOGS[2]}
++
++*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="$USER_TEST" File="${RSYSLOG_TEST_LOGS[2]}")
+ EOF
++{{% endif %}}
+
+ # create rsyslog.conf configuration file
+ cat << EOF > $RSYSLOG_CONF
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root.pass.sh
+similarity index 81%
+rename from linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root.pass.sh
+rename to shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root.pass.sh
+index 69dead5135..e80395ca99 100755
+---
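Review bot: The header comment rewritten in the first hunk of include_is_other_IncludeConfig_is_other_RainerLogClause.fail.sh says the scenario "passes", but the file is a `.fail.sh` test and all three test logs are assigned to `$USER_TEST` (testssg), so the description contradicts the expected result. Suggested wording: `# Check rsyslog.conf with non-root owned logs from rules, include() and a RainerScript action() clause fails.` The added `USER=root` is not used in the visible hunks and could be dropped. The file header also changes the mode from 100755 to 100644 while the sibling tests keep 100755; if the test runner relies on the executable bit this scenario may not be run as intended, which is worth confirming.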
a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root.pass.sh
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root.pass.sh
+@@ -6,14 +6,21 @@
+
+ source $SHARED/rsyslog_log_utils.sh
+
++
++{{% if ATTRIBUTE == "owner" %}}
++CHATTR="chown"
++{{% else %}}
++CHATTR="chgrp"
++{{% endif %}}
++
+ USER=root
+
+ # setup test data
+ create_rsyslog_test_logs 2
+
+ # setup test log files ownership
+-chown $USER ${RSYSLOG_TEST_LOGS[0]}
+-chown $USER ${RSYSLOG_TEST_LOGS[1]}
++$CHATTR $USER ${RSYSLOG_TEST_LOGS[0]}
++$CHATTR $USER ${RSYSLOG_TEST_LOGS[1]}
+
+ # create test configuration file
+ test_conf=${RSYSLOG_TEST_DIR}/test1.conf
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root_IncludeConfig_is_other.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root_IncludeConfig_is_other.fail.sh
+similarity index 77%
+rename from linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root_IncludeConfig_is_other.fail.sh
+rename to shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root_IncludeConfig_is_other.fail.sh
+index e725fb4d54..e7b4905dc5 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root_IncludeConfig_is_other.fail.sh
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root_IncludeConfig_is_other.fail.sh
+@@ -6,18 +6,26 @@
+
+ source $SHARED/rsyslog_log_utils.sh
+
++{{% if ATTRIBUTE == "owner" %}}
++ADDCOMMAND="useradd"
++CHATTR="chown"
++{{% else %}}
++ADDCOMMAND="groupadd"
++CHATTR="chgrp"
++{{% endif %}}
++
+ USER_ROOT=root
+
+ USER_TEST=testssg
+-useradd $USER_TEST
++$ADDCOMMAND $USER_TEST
+
+ # setup test data
+ create_rsyslog_test_logs 3
+
+ # setup test log files ownership
+-chown $USER_ROOT
${RSYSLOG_TEST_LOGS[0]}
+-chown $USER_ROOT ${RSYSLOG_TEST_LOGS[1]}
+-chown $USER_TEST ${RSYSLOG_TEST_LOGS[2]}
++$CHATTR $USER_ROOT ${RSYSLOG_TEST_LOGS[0]}
++$CHATTR $USER_ROOT ${RSYSLOG_TEST_LOGS[1]}
++$CHATTR $USER_TEST ${RSYSLOG_TEST_LOGS[2]}
+
+ # create test configuration file
+ test_conf=${RSYSLOG_TEST_DIR}/test1.conf
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root_IncludeConfig_is_root.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root_IncludeConfig_is_root.pass.sh
+similarity index 82%
+rename from linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root_IncludeConfig_is_root.pass.sh
+rename to shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root_IncludeConfig_is_root.pass.sh
+index ca47d453c1..6389e6ea3b 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root_IncludeConfig_is_root.pass.sh
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root_IncludeConfig_is_root.pass.sh
+@@ -6,15 +6,21 @@
+
+ source $SHARED/rsyslog_log_utils.sh
+
++{{% if ATTRIBUTE == "owner" %}}
++CHATTR="chown"
++{{% else %}}
++CHATTR="chgrp"
++{{% endif %}}
++
+ USER=root
+
+ # setup test data
+ create_rsyslog_test_logs 3
+
+ # setup test log files ownership
+-chown $USER ${RSYSLOG_TEST_LOGS[0]}
+-chown $USER ${RSYSLOG_TEST_LOGS[1]}
+-chown $USER ${RSYSLOG_TEST_LOGS[2]}
++$CHATTR $USER ${RSYSLOG_TEST_LOGS[0]}
++$CHATTR $USER ${RSYSLOG_TEST_LOGS[1]}
++$CHATTR $USER ${RSYSLOG_TEST_LOGS[2]}
+
+ # create test configuration file
+ test_conf=${RSYSLOG_TEST_DIR}/test1.conf
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_other.fail.sh
b/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root_IncludeConfig_is_root_RainerLogClause.pass.sh
+similarity index 65%
+rename from linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_other.fail.sh
+rename to shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root_IncludeConfig_is_root_RainerLogClause.pass.sh
+index 9747e0b28b..6b81a77c2f 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_other.fail.sh
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root_IncludeConfig_is_root_RainerLogClause.pass.sh
+@@ -1,23 +1,26 @@
+ #!/bin/bash
+ # platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
+
+-# Check rsyslog.conf with root group-owner log from rules and
+-# non root group-owner log from include() fails.
++# Check rsyslog.conf with root user log from rules and
++# root user log from include() passes.
+
+ source $SHARED/rsyslog_log_utils.sh
+
+-GROUP_ROOT=root
++{{% if ATTRIBUTE == "owner" %}}
++CHATTR="chown"
++{{% else %}}
++CHATTR="chgrp"
++{{% endif %}}
+
+-GROUP_TEST=testssg
+-groupadd $GROUP_TEST
++USER=root
+
+ # setup test data
+ create_rsyslog_test_logs 3
+
+ # setup test log files ownership
+-chgrp $GROUP_ROOT ${RSYSLOG_TEST_LOGS[0]}
+-chgrp $GROUP_ROOT ${RSYSLOG_TEST_LOGS[1]}
+-chgrp $GROUP_TEST ${RSYSLOG_TEST_LOGS[2]}
++$CHATTR $USER ${RSYSLOG_TEST_LOGS[0]}
++$CHATTR $USER ${RSYSLOG_TEST_LOGS[1]}
++$CHATTR $USER ${RSYSLOG_TEST_LOGS[2]}
+
+ # create test configuration file
+ test_conf=${RSYSLOG_TEST_DIR}/test1.conf
+@@ -36,7 +39,8 @@ cat << EOF > ${test_conf2}
+
+ #### RULES ####
+
+-*.* ${RSYSLOG_TEST_LOGS[2]}
++
++*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="root" File="${RSYSLOG_TEST_LOGS[2]}")
+ EOF
+
+ # create rsyslog.conf configuration file
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_multiline_is_root.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_multiline_is_root.pass.sh
+similarity index 81%
+rename from linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_multiline_is_root.pass.sh
+rename to shared/templates/rsyslog_logfiles_attributes_modify/tests/include_multiline_is_root.pass.sh
+index d68cc2e67d..78b105abf3 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_multiline_is_root.pass.sh
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_multiline_is_root.pass.sh
+@@ -6,14 +6,20 @@
+
+ source $SHARED/rsyslog_log_utils.sh
+
++{{% if ATTRIBUTE == "owner" %}}
++CHATTR="chown"
++{{% else %}}
++CHATTR="chgrp"
++{{% endif %}}
++
+ USER=root
+
+ # setup test data
+ create_rsyslog_test_logs 2
+
+ # setup test log files ownership
+-chown $USER ${RSYSLOG_TEST_LOGS[0]}
+-chown
$USER ${RSYSLOG_TEST_LOGS[1]}
++$CHATTR $USER ${RSYSLOG_TEST_LOGS[0]}
++$CHATTR $USER ${RSYSLOG_TEST_LOGS[1]}
+
+ # create test configuration file
+ test_conf=${RSYSLOG_TEST_DIR}/test1.conf
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_other.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/is_other.fail.sh
+similarity index 70%
+rename from linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_other.fail.sh
+rename to shared/templates/rsyslog_logfiles_attributes_modify/tests/is_other.fail.sh
+index 7edbb17ea1..1afe20823c 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_other.fail.sh
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/is_other.fail.sh
+@@ -5,15 +5,23 @@
+
+ source $SHARED/rsyslog_log_utils.sh
+
++{{% if ATTRIBUTE == "owner" %}}
++ADDCOMMAND="useradd"
++CHATTR="chown"
++{{% else %}}
++ADDCOMMAND="groupadd"
++CHATTR="chgrp"
++{{% endif %}}
++
+ USER=testssg
+
+-useradd $USER
++$ADDCOMMAND $USER
+
+ # setup test data
+ create_rsyslog_test_logs 1
+
+ # setup test log file ownership
+-chown $USER ${RSYSLOG_TEST_LOGS[0]}
++$CHATTR $USER ${RSYSLOG_TEST_LOGS[0]}
+
+ # add rule with non-root user owned log file
+ cat << EOF > $RSYSLOG_CONF
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_root.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/is_root.pass.sh
+similarity index 77%
+rename from linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_root.pass.sh
+rename to shared/templates/rsyslog_logfiles_attributes_modify/tests/is_root.pass.sh
+index e0e518bc50..afce21fa27 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_root.pass.sh
++++
b/shared/templates/rsyslog_logfiles_attributes_modify/tests/is_root.pass.sh +@@ -5,13 +5,19 @@ + + source $SHARED/rsyslog_log_utils.sh + ++{{% if ATTRIBUTE == "owner" %}} ++CHATTR="chown" ++{{% else %}} ++CHATTR="chgrp" ++{{% endif %}} ++ + USER=root + + # setup test data + create_rsyslog_test_logs 1 + + # setup test log file ownership +-chown $USER ${RSYSLOG_TEST_LOGS[0]} ++$CHATTR $USER ${RSYSLOG_TEST_LOGS[0]} + + # add rule with root user owned log file + cat << EOF > $RSYSLOG_CONF +-- +2.39.1 + diff --git a/scap-security-guide.spec b/scap-security-guide.spec index c3d293d..eda0e78 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec @@ -11,6 +11,16 @@ Summary: Security guidance and baselines in SCAP formats License: BSD-3-Clause URL: https://github.com/ComplianceAsCode/content/ Source0: https://github.com/ComplianceAsCode/content/releases/download/v%{version}/scap-security-guide-%{version}.tar.bz2 +# Rsyslog files rules remediations +Patch1: scap-security-guide-0.1.67-rsyslog_files_rules_remediations-PR_9789.patch +# Extends rsyslog_logfiles_attributes_modify template for permissions +Patch2: scap-security-guide-0.1.67-rsyslog_files_permissions_template-PR_10139.patch +# Change custom zones check in firewalld_sshd_port_enabled +Patch3: scap-security-guide-0.1.67-firewalld_sshd_port_enabled_tests-PR_10162.patch +# Accept required and requisite control flag for pam_pwhistory +Patch4: scap-security-guide-0.1.67-pwhistory_control-PR_10175.patch +# remove rule logind_session_timeout and associated variable from profiles +Patch5: scap-security-guide-0.1.67-remove_logind_session_timeout_from_profiles-PR_10202.patch BuildArch: noarch BuildRequires: libxslt 
@@ -101,6 +111,10 @@ rm %{buildroot}/%{_docdir}/%{name}/Contributors.md * Mon Feb 13 2023 Watson Sato - 0.1.66-1 - Rebase to a new upstream release 0.1.66 (RHBZ#2169443) - Fix remediation of audit watch rules (RHBZ#2169441) +- Fix check firewalld_sshd_port_enabled (RHBZ#2169443) +- Fix accepted control flags for pam_pwhistory (RHBZ#2169443) +- Unselect rule logind_session_timeout (RHBZ#2169443) +- Add support rainer scripts in rsyslog rules (RHBZ#2169445) * Thu Aug 25 2022 Gabriel Becker - 0.1.63-5 - OSPP: fix rule related to coredump (RHBZ#2081688)