From 95b79ffa7e9247bd65a92311b92e37b0d83e4432 Mon Sep 17 00:00:00 2001 From: Watson Sato Date: Tue, 2 Aug 2022 15:01:42 +0200 Subject: [PATCH] Add rsyslogd to the list of tools check by aide RHEL products will also check for integrity of /usr/sbin/rsyslogd. --- .../aide/aide_check_audit_tools/ansible/shared.yml | 1 + .../aide/aide_check_audit_tools/bash/shared.sh | 3 +-- .../aide/aide_check_audit_tools/oval/shared.xml | 2 +- .../aide/aide_check_audit_tools/tests/correct.pass.sh | 2 +- .../aide_check_audit_tools/tests/correct_with_selinux.pass.sh | 2 +- .../aide/aide_check_audit_tools/tests/not_config.fail.sh | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml index 9d1b7b675c9..5905ea8d0e6 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml @@ -22,6 +22,7 @@ - /usr/sbin/aureport - /usr/sbin/ausearch - /usr/sbin/autrace + {{% if product == 'ol8' or 'rhel' in product %}}- /usr/sbin/rsyslogd{{% endif %}} - name: Ensure existing AIDE configuration for audit tools are correct lineinfile: diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh index d0a1ba2522f..a81e25c3950 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh @@ -18,12 +18,11 @@ {{% set auditfiles = auditfiles + ["/usr/sbin/audispd"] %}} {{% endif %}} -{{% if product == 'ol8' %}} +{{% if product == 'ol8' or 'rhel' in product %}} {{% set auditfiles = auditfiles + ["/usr/sbin/rsyslogd"] %}} {{% endif %}} {{% for file in auditfiles %}} - if grep -i '^.*{{{file}}}.*$' {{{ aide_conf_path }}}; then sed -i "s#.*{{{file}}}.*#{{{file}}} {{{ aide_string() }}}#" {{{ aide_conf_path }}} else diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/oval/shared.xml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/oval/shared.xml index 6ce56c1137a..ca9bf4f94d0 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/oval/shared.xml +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/oval/shared.xml @@ -11,7 +11,7 @@ {{% if 'rhel' not in product and product != 'ol8' %}} {{% endif %}} - {{% if product == 'ol8' %}} + {{% if product == 'ol8' or 'rhel' in product %}} {{% endif %}} diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh index 756b88d8a23..071dde13295 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh @@ -7,7 +7,7 @@ aide --init declare -a bins -bins=('/usr/sbin/auditctl' '/usr/sbin/auditd' '/usr/sbin/augenrules' '/usr/sbin/aureport' '/usr/sbin/ausearch' '/usr/sbin/autrace') +bins=('/usr/sbin/auditctl' '/usr/sbin/auditd' '/usr/sbin/augenrules' '/usr/sbin/aureport' '/usr/sbin/ausearch' '/usr/sbin/autrace' '/usr/sbin/rsyslogd') for theFile in "${bins[@]}" do diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh index f3a2a126d3d..cb9bbfa7350 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh @@ -4,7 +4,7 @@ yum -y install aide declare -a bins -bins=('/usr/sbin/auditctl' '/usr/sbin/auditd' '/usr/sbin/augenrules' '/usr/sbin/aureport' '/usr/sbin/ausearch' '/usr/sbin/autrace') +bins=('/usr/sbin/auditctl' '/usr/sbin/auditd' '/usr/sbin/augenrules' '/usr/sbin/aureport' '/usr/sbin/ausearch' '/usr/sbin/autrace' '/usr/sbin/rsyslogd') for theFile in "${bins[@]}" do diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh index 4315cef2073..a22aecb0000 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh @@ -6,7 +6,7 @@ yum -y install aide aide --init declare -a bins -bins=('/usr/sbin/auditctl' '/usr/sbin/auditd' '/usr/sbin/augenrules' '/usr/sbin/aureport' '/usr/sbin/ausearch' '/usr/sbin/autrace') +bins=('/usr/sbin/auditctl' '/usr/sbin/auditd' '/usr/sbin/augenrules' '/usr/sbin/aureport' '/usr/sbin/ausearch' '/usr/sbin/autrace' '/usr/sbin/rsyslogd') for theFile in "${bins[@]}" do