From 2f38b61e9b6b26dab05443a9bf03642971cbeeef Mon Sep 17 00:00:00 2001 
From: Matthew Burket Date: Fri, 23 Jul 2021 16:32:15 -0500 Subject: [PATCH] Add new rule for RHEL-08-030710 --- .../ansible/shared.yml | 5 +++ .../bash/shared.sh | 6 +++ .../oval/shared.xml | 44 +++++++++++++++++++ .../rule.yml | 38 ++++++++++++++++ .../tests/default_no_pass.fail.sh | 7 +++ .../tests/rsyslog.pass.sh | 4 ++ .../tests/rsyslog_wrong_value.fail.sh | 4 ++ .../tests/rsyslogd.pass.sh | 4 ++ .../tests/rsyslogd_wrong_value.fail.sh | 4 ++ .../tests/setup.sh | 9 ++++ .../ansible/shared.yml | 5 +++ .../bash/shared.sh | 5 +++ .../oval/shared.xml | 44 +++++++++++++++++++ .../rule.yml | 38 ++++++++++++++++ .../tests/default_no_pass.fail.sh | 7 +++ .../tests/rsyslog.pass.sh | 4 ++ .../tests/rsyslog_wrong_value.fail.sh | 4 ++ .../tests/rsyslogd.pass.sh | 4 ++ .../tests/rsyslogd_wrong_value.fail.sh | 4 ++ .../tests/setup.sh | 9 ++++ products/rhel8/profiles/stig.profile | 2 + shared/references/cce-redhat-avail.txt | 2 - .../data/profile_stability/rhel8/stig.profile | 2 + .../profile_stability/rhel8/stig_gui.profile | 2 + 24 files changed, 255 insertions(+), 2 deletions(-) create mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/ansible/shared.yml create mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/bash/shared.sh create mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/oval/shared.xml create mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/rule.yml create mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/tests/default_no_pass.fail.sh create mode 100644 
linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/tests/rsyslog.pass.sh create mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/tests/rsyslog_wrong_value.fail.sh create mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/tests/rsyslogd.pass.sh create mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/tests/rsyslogd_wrong_value.fail.sh create mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/tests/setup.sh create mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/ansible/shared.yml create mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/bash/shared.sh create mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/oval/shared.xml create mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/rule.yml create mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/tests/default_no_pass.fail.sh create mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/tests/rsyslog.pass.sh create mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/tests/rsyslog_wrong_value.fail.sh create mode 100644 
linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/tests/rsyslogd.pass.sh
create mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/tests/rsyslogd_wrong_value.fail.sh
create mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/tests/setup.sh
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/ansible/shared.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/ansible/shared.yml
new file mode 100644
index 0000000000..2d6c5227a8
--- /dev/null
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/ansible/shared.yml
@@ -0,0 +1,5 @@
+# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
+
+{{{ ansible_set_config_file(file="/etc/rsyslog.d/encrypt.conf",
+ parameter="\$ActionSendStreamDriverMode", value="1", create=true, separator=" ", separator_regex=" ")
+}}}
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/bash/shared.sh
new file mode 100644
index 0000000000..36853d1786
--- /dev/null
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/bash/shared.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
+
+{{{ set_config_file(path="/etc/rsyslog.d/encrypt.conf",
+ parameter="\$ActionSendStreamDriverMode", value="1", create=true, separator=" ", separator_regex=" ")
+}}}
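Review bot: The remediation only writes `$ActionSendStreamDriverMode 1` into `/etc/rsyslog.d/encrypt.conf` and, as far as this hunk shows, does nothing about a conflicting value already present in `/etc/rsyslog.conf` or another drop-in; the same applies to bash/shared.sh for this rule and to both remediations of rsyslog_encrypt_offload_defaultnetstreamdriver. Because the OVAL check in this commit accepts a matching line in either location, a host could scan as compliant while a stale `$ActionSendStreamDriverMode 0` elsewhere still governs some forwarding actions, depending on include order. I would either strip the directive from the other files first or document the limitation above the macro call, e.g. `# NOTE: does not remove conflicting values from /etc/rsyslog.conf or other /etc/rsyslog.d/*.conf files`.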
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/oval/shared.xml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/oval/shared.xml new file mode 100644 index 0000000000..d21f8af1e4 --- /dev/null +++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/oval/shared.xml @@ -0,0 +1,44 @@ + + + + {{{ oval_metadata("Rsyslogd must encrypt the off-loading of logs off of the system.") }}} + + + + + + + + + + + + + + + /etc/rsyslog.conf + ^\$ActionSendStreamDriverMode 1$ + 1 + + + + + + + + /etc/rsyslog.d + ^.*conf$ + ^\$ActionSendStreamDriverMode 1$ + 1 + + diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/rule.yml new file mode 100644 index 0000000000..1bcc33927b --- /dev/null +++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/rule.yml 
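Review bot: The content patterns in oval/shared.xml are stricter than rsyslog's own parsing and the filename pattern is looser than its include glob, so the check can misreport in both directions. `^\$ActionSendStreamDriverMode 1$` requires exactly one space and no leading or trailing whitespace, which flags a correctly configured host that uses a tab or trailing blank; `^[ \t]*\$ActionSendStreamDriverMode[ \t]+1[ \t]*$` would tolerate that. The filename pattern `^.*conf$` also matches names such as `encrypt.oldconf` that a `*.conf` include would presumably not load, so `^.*\.conf$` is safer. The XML elements are not visible on this page, so the criteria operator could not be reviewed; the same patterns appear in the defaultnetstreamdriver OVAL.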
@@ -0,0 +1,38 @@ +documentation_complete: true + +title: Ensure Rsyslog Encrypts Off-Loaded Audit Records + +description: |- + Rsyslogd is a system utility providing support for message logging. Support + for both internet and UNIX domain sockets enables this utility to support both local + and remote logging. Couple this utility with gnutls (which is a secure communications + library implementing the SSL, TLS and DTLS protocols), and you have a method to securely + encrypt and off-load auditing. + + When using rsyslogd to off-load logs off a encrpytion system must be used. + +rationale: |- + The audit records generated by Rsyslog contain valuable information regarding system + configuration, user authentication, and other such information. Audit records should be + protected from unauthorized access. + +severity: medium + +identifiers: + cce@rhel8: CCE-86098-1 + +references: + disa: CCI-001851 + nist: AU-4(1) + srg: SRG-OS-000342-GPOS-00133,SRG-OS-000479-GPOS-00224 + stigid@rhel8: RHEL-08-030710 + +ocil_clause: 'rsyslogd ActionSendStreamDriverMode not set to 1' + +ocil: |- + Verify the operating system encrypts audit records off-loaded onto a different system + or media from the system being audited with the following commands: + +
$ sudo grep -i '$ActionSendStreamDriverMode' /etc/rsyslog.conf /etc/rsyslog.d/*.conf
+ The output should be +
/etc/rsyslog.conf:$ActionSendStreamDriverMode 1
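Review bot: This rule.yml shares its title, description and rationale word for word with the rsyslog_encrypt_offload_defaultnetstreamdriver rule added in the same commit, so a scan report will list two findings that cannot be told apart. I would name the directive in each title, e.g. `title: Ensure Rsyslog Encrypts Off-Loaded Audit Records (ActionSendStreamDriverMode)`. The last description sentence is garbled and should read `When using rsyslogd to off-load logs, an encryption system must be used.` The ocil expected output names `/etc/rsyslog.conf`, while the remediation in this commit writes to `/etc/rsyslog.d/encrypt.conf`, so the text should say that a match in either location is acceptable.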
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/tests/default_no_pass.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/tests/default_no_pass.fail.sh
new file mode 100644
index 0000000000..3ee5384371
--- /dev/null
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/tests/default_no_pass.fail.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+bash -x setup.sh
+
+if [[ -f encrypt.conf ]]; then
+ sed -i i/\$ActionSendStreamDriverMod//g /etc/rsyslog.d/encrypt.conf
+fi
+ sed -i i/\$ActionSendStreamDriverMod//g /etc/rsyslog.conf
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/tests/rsyslog.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/tests/rsyslog.pass.sh
new file mode 100644
index 0000000000..34105aaa85
--- /dev/null
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/tests/rsyslog.pass.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+bash -x setup.sh
+
+echo "\$ActionSendStreamDriverMode 1" >> /etc/rsyslog.conf
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/tests/rsyslog_wrong_value.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/tests/rsyslog_wrong_value.fail.sh
new file mode 100644
index 0000000000..db87b2956c
--- /dev/null
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/tests/rsyslog_wrong_value.fail.sh
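Review bot: Neither `sed` call in default_no_pass.fail.sh removes the directive: the script `i/\$ActionSendStreamDriverMod//g` begins with sed's insert command rather than `s`, the guard `[[ -f encrypt.conf ]]` tests a path relative to the working directory instead of `/etc/rsyslog.d/encrypt.conf`, and the expression is unquoted. The scenario therefore fails only when the test image happens to ship without the directive, so it does not show that the check detects a missing setting. Deleting the line outright is simpler, e.g. `sed -i '/^\$ActionSendStreamDriverMode/d' /etc/rsyslog.conf`, repeated for `/etc/rsyslog.d/encrypt.conf` under a guard on that absolute path. The defaultnetstreamdriver copy of this test has the same problems, plus `*.$` where `.*$` was presumably meant.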
@@ -0,0 +1,4 @@
+#!/bin/bash
+bash -x setup.sh
+
+echo "\$ActionSendStreamDriverMode 0" >> /etc/rsyslog.d/encrypt.conf
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/tests/rsyslogd.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/tests/rsyslogd.pass.sh
new file mode 100644
index 0000000000..25e7cdf783
--- /dev/null
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/tests/rsyslogd.pass.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+bash -x setup.sh
+
+echo "\$ActionSendStreamDriverMode 1" >> /etc/rsyslog.d/encrypt.conf
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/tests/rsyslogd_wrong_value.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/tests/rsyslogd_wrong_value.fail.sh
new file mode 100644
index 0000000000..d37882acf3
--- /dev/null
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/tests/rsyslogd_wrong_value.fail.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+bash -x setup.sh
+
+echo "\$ActionSendStreamDriverMode 0" >> /etc/rsyslog
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/tests/setup.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/tests/setup.sh
new file mode 100644
index 0000000000..9686f16bcc
--- /dev/null
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/tests/setup.sh
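Review bot: rsyslogd_wrong_value.fail.sh appends to `/etc/rsyslog`, which is not one of the paths the OVAL check in this commit reads, so the wrong value never reaches a scanned file and the scenario fails only because the directive is absent. The targets also look swapped relative to the file names and to the pass scenarios: rsyslog_wrong_value.fail.sh writes to `/etc/rsyslog.d/encrypt.conf`, while rsyslog.pass.sh writes to `/etc/rsyslog.conf`. I would use `echo "\$ActionSendStreamDriverMode 0" >> /etc/rsyslog.conf` in rsyslog_wrong_value.fail.sh and `echo "\$ActionSendStreamDriverMode 0" >> /etc/rsyslog.d/encrypt.conf` in rsyslogd_wrong_value.fail.sh. In the defaultnetstreamdriver tests both wrong-value scripts share blob 30a1d5b43a and write to `/etc/rsyslog.d/encrypt.conf`, so the `/etc/rsyslog.conf` wrong-value case is untested there as well.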
@@ -0,0 +1,9 @@
+#!/bin/bash
+# Use this script to ensure the rsyslog directory structure and rsyslog conf file
+# exist in the test env.
+config_file=/etc/rsyslog.conf
+
+# Ensure directory structure exists (useful for container based testing)
+test -f $config_file || touch $config_file
+
+test -d /etc/rsyslog.d/ || mkdir /etc/rsyslog.d/
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/ansible/shared.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/ansible/shared.yml
new file mode 100644
index 0000000000..2ddbfb871f
--- /dev/null
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/ansible/shared.yml
@@ -0,0 +1,5 @@
+# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
+
+{{{ ansible_set_config_file(file="/etc/rsyslog.d/encrypt.conf",
+ parameter="\$DefaultNetstreamDriver", value="gtls", create=true, separator=" ", separator_regex=" ")
+}}}
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/bash/shared.sh
new file mode 100644
index 0000000000..3955346cd3
--- /dev/null
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/bash/shared.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
+{{{ set_config_file(path="/etc/rsyslog.d/encrypt.conf",
+ parameter="\$DefaultNetstreamDriver", value="gtls", create=true, separator=" ", separator_regex=" ")
+}}}
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/oval/shared.xml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/oval/shared.xml new file mode 100644 index 0000000000..71d39c179d --- /dev/null +++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/oval/shared.xml @@ -0,0 +1,44 @@ + + + + {{{ oval_metadata("Rsyslogd must encrypt the off-loading of logs off of the system.") }}} + + + + + + + + + + + + + + + /etc/rsyslog.conf + ^\$DefaultNetstreamDriver gtls$ + 1 + + + + + + + + /etc/rsyslog.d + ^.*conf$ + ^\$DefaultNetstreamDriver gtls$ + 1 + + diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/rule.yml new file mode 100644 index 0000000000..eff85d3fae --- /dev/null +++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/rule.yml 
@@ -0,0 +1,38 @@ +documentation_complete: true + +title: Ensure Rsyslog Encrypts Off-Loaded Audit Records + +description: |- + Rsyslogd is a system utility providing support for message logging. Support + for both internet and UNIX domain sockets enables this utility to support both local + and remote logging. Couple this utility with gnutls (which is a secure communications + library implementing the SSL, TLS and DTLS protocols), and you have a method to securely + encrypt and off-load auditing. + + When using rsyslogd to off-load logs off a encrpytion system must be used. + +rationale: |- + The audit records generated by Rsyslog contain valuable information regarding system + configuration, user authentication, and other such information. Audit records should be + protected from unauthorized access. + +severity: medium + +identifiers: + cce@rhel8: CCE-85992-6 + +references: + disa: CCI-001851 + nist: AU-4(1) + srg: SRG-OS-000342-GPOS-00133,SRG-OS-000479-GPOS-00224 + stigid@rhel8: RHEL-08-030710 + +ocil_clause: 'rsyslogd DefaultNetstreamDriver not set to gtls' + +ocil: |- + Verify the operating system encrypts audit records off-loaded onto a different system + or media from the system being audited with the following commands: + +
$ sudo grep -i '$DefaultNetstreamDriver' /etc/rsyslog.conf /etc/rsyslog.d/*.conf
+ The output should be +
/etc/rsyslog.conf:$DefaultNetstreamDriver gtls
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/tests/default_no_pass.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/tests/default_no_pass.fail.sh
new file mode 100644
index 0000000000..6ab43bfc0d
--- /dev/null
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/tests/default_no_pass.fail.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+bash -x setup.sh
+
+if [[ -f encrypt.conf ]]; then
+ sed -i i/\$DefaultNetstreamDriver*.$//g /etc/rsyslog.d/encrypt.conf
+fi
+ sed -i i/\$DefaultNetstreamDriver*.$//g /etc/rsyslog.conf
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/tests/rsyslog.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/tests/rsyslog.pass.sh
new file mode 100644
index 0000000000..40f1bfe087
--- /dev/null
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/tests/rsyslog.pass.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+bash -x setup.sh
+
+echo "\$DefaultNetstreamDriver gtls" >> /etc/rsyslog.conf
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/tests/rsyslog_wrong_value.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/tests/rsyslog_wrong_value.fail.sh
new file mode 100644
index 0000000000..30a1d5b43a
--- /dev/null
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/tests/rsyslog_wrong_value.fail.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+bash -x setup.sh
+
+echo "\$DefaultNetstreamDriver none" >> /etc/rsyslog.d/encrypt.conf
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/tests/rsyslogd.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/tests/rsyslogd.pass.sh
new file mode 100644
index 0000000000..44715bca66
--- /dev/null
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/tests/rsyslogd.pass.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+bash -x setup.sh
+
+echo "\$DefaultNetstreamDriver gtls" >> /etc/rsyslog.d/encrypt.conf
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/tests/rsyslogd_wrong_value.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/tests/rsyslogd_wrong_value.fail.sh
new file mode 100644
index 0000000000..30a1d5b43a
--- /dev/null
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/tests/rsyslogd_wrong_value.fail.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+bash -x setup.sh
+
+echo "\$DefaultNetstreamDriver none" >> /etc/rsyslog.d/encrypt.conf
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/tests/setup.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/tests/setup.sh
new file mode 100644
index 0000000000..9686f16bcc
--- /dev/null
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/tests/setup.sh
@@ -0,0 +1,9 @@ +#!/bin/bash +# Use this script to ensure the rsyslog directory structure and rsyslog conf file +# exist in the test env. +config_file=/etc/rsyslog.conf + +# Ensure directory structure exists (useful for container based testing) +test -f $config_file || touch $config_file + +test -d /etc/rsyslog.d/ || mkdir /etc/rsyslog.d/ diff --git a/products/rhel8/profiles/stig.profile b/products/rhel8/profiles/stig.profile index 6372d13cfc..1cc53cf1e1 100644 --- a/products/rhel8/profiles/stig.profile +++ b/products/rhel8/profiles/stig.profile @@ -828,6 +828,8 @@ selections: - auditd_overflow_action # RHEL-08-030710 + - rsyslog_encrypt_offload_defaultnetstreamdriver + - rsyslog_encrypt_offload_actionsendstreamdrivermode # RHEL-08-030720 diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt index 24e8149168..fdf69f6baa 100644 --- a/shared/references/cce-redhat-avail.txt +++ b/shared/references/cce-redhat-avail.txt @@ -129,7 +129,6 @@ CCE-85988-4 CCE-85989-2 CCE-85990-0 CCE-85991-8 -CCE-85992-6 CCE-85993-4 CCE-85994-2 CCE-85995-9 @@ -235,7 +234,6 @@ CCE-86094-0 CCE-86095-7 CCE-86096-5 CCE-86097-3 -CCE-86098-1 CCE-86099-9 CCE-86100-5 CCE-86101-3 diff --git a/tests/data/profile_stability/rhel8/stig.profile b/tests/data/profile_stability/rhel8/stig.profile index 32f1a24a7a..c0ef381696 100644 --- a/tests/data/profile_stability/rhel8/stig.profile +++ b/tests/data/profile_stability/rhel8/stig.profile @@ -228,6 +228,8 @@ selections: - require_singleuser_auth - root_permissions_syslibrary_files - rsyslog_cron_logging +- rsyslog_encrypt_offload_actionsendstreamdrivermode +- rsyslog_encrypt_offload_defaultnetstreamdriver - rsyslog_remote_access_monitoring - rsyslog_remote_loghost - security_patches_up_to_date diff --git a/tests/data/profile_stability/rhel8/stig_gui.profile b/tests/data/profile_stability/rhel8/stig_gui.profile index d6a27c67dc..5adeea4a35 100644 --- a/tests/data/profile_stability/rhel8/stig_gui.profile 
+++ b/tests/data/profile_stability/rhel8/stig_gui.profile @@ -239,6 +239,8 @@ selections: - require_singleuser_auth - root_permissions_syslibrary_files - rsyslog_cron_logging +- rsyslog_encrypt_offload_actionsendstreamdrivermode +- rsyslog_encrypt_offload_defaultnetstreamdriver - rsyslog_remote_access_monitoring - rsyslog_remote_loghost - security_patches_up_to_date