From 639ae28966832df2300fc486f493225e1e9aa87b Mon Sep 17 00:00:00 2001
|
|
From: Watson Sato <wsato@redhat.com>
|
|
Date: Tue, 7 Feb 2023 10:53:17 +0100
|
|
Subject: [PATCH 3/5] Extends rsyslog_logfiles_attributes_modify template for
|
|
permissions
|
|
|
|
Patch-name: scap-security-guide-0.1.67-rsyslog_files_permissions_template-PR_10139.patch
|
|
Patch-status: Extends rsyslog_logfiles_attributes_modify template for permissions
|
|
---
|
|
.../ansible/shared.yml | 59 --------
|
|
.../rsyslog_files_permissions/bash/shared.sh | 92 ------------
|
|
.../rsyslog_files_permissions/oval/shared.xml | 131 -----------------
|
|
.../rsyslog_files_permissions/rule.yml | 30 +++-
|
|
.../IncludeConfig_glob_perms_0600.pass.sh | 40 -----
|
|
.../IncludeConfig_glob_perms_0601.fail.sh | 41 ------
|
|
.../tests/IncludeConfig_perms_0600.pass.sh | 39 -----
|
|
.../tests/IncludeConfig_perms_0601.fail.sh | 40 -----
|
|
.../include_config_syntax_perms_0600.pass.sh | 85 -----------
|
|
.../include_config_syntax_perms_0601.fail.sh | 86 -----------
|
|
.../include_multiline_perms_0600.pass.sh | 41 ------
|
|
.../tests/include_perms_0600.pass.sh | 39 -----
|
|
...erms_0600_IncludeConfig_perms_0600.pass.sh | 52 -------
|
|
...erms_0600_IncludeConfig_perms_0601.fail.sh | 53 -------
|
|
...00_IncludeConfig_perms_0601_hidden.pass.sh | 53 -------
|
|
...0_IncludeConfig_perms_0601_missing.pass.sh | 45 ------
|
|
.../include_perms_0600_cloudinit.pass.sh | 23 ---
|
|
.../tests/include_perms_0601.fail.sh | 41 ------
|
|
.../include_perms_0601_cloudinit.fail.sh | 22 ---
|
|
.../mixed_correct_attr_group_read.pass.sh | 25 ++++
|
|
.../tests/mixed_correct_attr_stricter.pass.sh | 25 ++++
|
|
.../tests/perms_0600.pass.sh | 35 -----
|
|
.../tests/perms_0601.fail.sh | 34 -----
|
|
.../ansible.template | 7 +-
|
|
.../bash.template | 33 ++---
|
|
.../oval.template | 138 +++++++++---------
|
|
.../template.py | 18 +++
|
|
.../tests/IncludeConfig_is_other.fail.sh | 50 -------
|
|
.../tests/include_is_other.fail.sh | 50 -------
|
|
...udeConfig_is_other_RainerLogClause.fail.sh | 75 ----------
|
|
.../tests/include_is_root.pass.sh | 46 ------
|
|
...ude_is_root_IncludeConfig_is_other.fail.sh | 63 --------
|
|
...lude_is_root_IncludeConfig_is_root.pass.sh | 58 --------
|
|
...ludeConfig_is_root_RainerLogClause.pass.sh | 59 --------
|
|
.../tests/include_multiline_is_root.pass.sh | 47 ------
|
|
.../tests/is_root.pass.sh | 30 ----
|
|
...er.fail.sh => legacy_correct_attr.pass.sh} | 26 ++--
|
|
...sh => legacy_include_correct_attr.pass.sh} | 32 ++--
|
|
.../legacy_include_incorrect_attr.fail.sh | 50 +++++++
|
|
.../tests/legacy_incorrect_attr.fail.sh | 33 +++++
|
|
.../tests/mixed_correct_attr.pass.sh | 33 +++++
|
|
.../tests/mixed_include_correct_attr.pass.sh | 58 ++++++++
|
|
...ixed_include_incorrect_attr_legacy.fail.sh | 63 ++++++++
|
|
...ixed_include_incorrect_attr_rainer.fail.sh | 63 ++++++++
|
|
.../mixed_incorrect_attr_cloudinit.fail.sh | 38 +++++
|
|
.../tests/mixed_incorrect_attr_legacy.fail.sh | 38 +++++
|
|
.../tests/mixed_incorrect_attr_rainer.fail.sh | 38 +++++
|
|
.../tests/rainer_correct_attr.pass.sh | 31 ++++
|
|
.../tests/rainer_include_correct_attr.pass.sh | 45 ++++++
|
|
.../rainer_include_incorrect_attr.fail.sh | 50 +++++++
|
|
...ner_include_multiline_correct_attr.pass.sh | 47 ++++++
|
|
...r_include_multiline_incorrect_attr.fail.sh | 52 +++++++
|
|
.../tests/rainer_incorrect_attr.fail.sh | 33 +++++
|
|
53 files changed, 875 insertions(+), 1660 deletions(-)
|
|
delete mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/ansible/shared.yml
|
|
delete mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh
|
|
delete mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/oval/shared.xml
|
|
delete mode 100755 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_glob_perms_0600.pass.sh
|
|
delete mode 100755 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_glob_perms_0601.fail.sh
|
|
delete mode 100755 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0600.pass.sh
|
|
delete mode 100755 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0601.fail.sh
|
|
delete mode 100755 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_config_syntax_perms_0600.pass.sh
|
|
delete mode 100755 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_config_syntax_perms_0601.fail.sh
|
|
delete mode 100755 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_multiline_perms_0600.pass.sh
|
|
delete mode 100755 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600.pass.sh
|
|
delete mode 100755 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0600.pass.sh
|
|
delete mode 100755 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601.fail.sh
|
|
delete mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601_hidden.pass.sh
|
|
delete mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601_missing.pass.sh
|
|
delete mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_cloudinit.pass.sh
|
|
delete mode 100755 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0601.fail.sh
|
|
delete mode 100644 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0601_cloudinit.fail.sh
|
|
create mode 100755 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/mixed_correct_attr_group_read.pass.sh
|
|
create mode 100755 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/mixed_correct_attr_stricter.pass.sh
|
|
delete mode 100755 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0600.pass.sh
|
|
delete mode 100755 linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0601.fail.sh
|
|
create mode 100644 shared/templates/rsyslog_logfiles_attributes_modify/template.py
|
|
delete mode 100755 shared/templates/rsyslog_logfiles_attributes_modify/tests/IncludeConfig_is_other.fail.sh
|
|
delete mode 100755 shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_other.fail.sh
|
|
delete mode 100644 shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_other_IncludeConfig_is_other_RainerLogClause.fail.sh
|
|
delete mode 100755 shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root.pass.sh
|
|
delete mode 100755 shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root_IncludeConfig_is_other.fail.sh
|
|
delete mode 100755 shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root_IncludeConfig_is_root.pass.sh
|
|
delete mode 100755 shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root_IncludeConfig_is_root_RainerLogClause.pass.sh
|
|
delete mode 100755 shared/templates/rsyslog_logfiles_attributes_modify/tests/include_multiline_is_root.pass.sh
|
|
delete mode 100755 shared/templates/rsyslog_logfiles_attributes_modify/tests/is_root.pass.sh
|
|
rename shared/templates/rsyslog_logfiles_attributes_modify/tests/{is_other.fail.sh => legacy_correct_attr.pass.sh} (53%)
|
|
rename shared/templates/rsyslog_logfiles_attributes_modify/tests/{IncludeConfig_is_root.pass.sh => legacy_include_correct_attr.pass.sh} (51%)
|
|
create mode 100755 shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_include_incorrect_attr.fail.sh
|
|
create mode 100755 shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_incorrect_attr.fail.sh
|
|
create mode 100755 shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_correct_attr.pass.sh
|
|
create mode 100755 shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_include_correct_attr.pass.sh
|
|
create mode 100755 shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_include_incorrect_attr_legacy.fail.sh
|
|
create mode 100755 shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_include_incorrect_attr_rainer.fail.sh
|
|
create mode 100755 shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_incorrect_attr_cloudinit.fail.sh
|
|
create mode 100755 shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_incorrect_attr_legacy.fail.sh
|
|
create mode 100755 shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_incorrect_attr_rainer.fail.sh
|
|
create mode 100755 shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr.pass.sh
|
|
create mode 100755 shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_include_correct_attr.pass.sh
|
|
create mode 100755 shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_include_incorrect_attr.fail.sh
|
|
create mode 100755 shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_include_multiline_correct_attr.pass.sh
|
|
create mode 100755 shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_include_multiline_incorrect_attr.fail.sh
|
|
create mode 100755 shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_incorrect_attr.fail.sh
|
|
|
|
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/ansible/shared.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/ansible/shared.yml
|
|
deleted file mode 100644
|
|
index ae8bbe3302..0000000000
|
|
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/ansible/shared.yml
|
|
+++ /dev/null
|
|
@@ -1,59 +0,0 @@
|
|
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
|
|
-# reboot = false
|
|
-# strategy = configure
|
|
-# complexity = low
|
|
-# disruption = medium
|
|
-
|
|
-- name: "Set rsyslog logfile configuration facts"
|
|
- set_fact:
|
|
- rsyslog_etc_config: "/etc/rsyslog.conf"
|
|
-{{% if product in ["debian10", "debian11", "ubuntu1604", "ubuntu1804", "ubuntu2004", "ubuntu2204", "sle15", "sle12"] %}}
|
|
- desired_perm_mode: "640"
|
|
-{{% else %}}
|
|
- desired_perm_mode: "600"
|
|
-{{% endif %}}
|
|
-
|
|
-# * And also the log file paths listed after rsyslog's $IncludeConfig directive
|
|
-# (store the result into array for the case there's shell glob used as value of IncludeConfig)
|
|
-- name: "Get IncludeConfig directive"
|
|
- shell: |
|
|
- set -o pipefail
|
|
- grep -e '$IncludeConfig' {{ rsyslog_etc_config }} | cut -d ' ' -f 2 || true
|
|
- register: rsyslog_old_inc
|
|
- changed_when: False
|
|
-
|
|
-- name: "Get include files directives"
|
|
- shell: |
|
|
- set -o pipefail
|
|
- grep -oP '^\s*include\s*\(\s*file.*' {{ rsyslog_etc_config }} |cut -d"\"" -f 2 || true
|
|
- register: rsyslog_new_inc
|
|
- changed_when: False
|
|
-
|
|
-- name: "Expand glob expressions"
|
|
- shell: |
|
|
- set -o pipefail
|
|
- eval printf '%s\\n' {{ item }}
|
|
- register: include_config_output
|
|
- loop: "{{ rsyslog_old_inc.stdout_lines + rsyslog_new_inc.stdout_lines }}"
|
|
-
|
|
-- name: "List all config files"
|
|
- shell: find {{ item }} -not -path "*/.*" -type f
|
|
- loop: "{{ include_config_output.results|map(attribute='stdout_lines')|list|flatten }}"
|
|
- register: rsyslog_config_files
|
|
- failed_when: False
|
|
- changed_when: False
|
|
-
|
|
-- name: "Extract log files"
|
|
- shell: |
|
|
- set -o pipefail
|
|
- grep -oP '^[^(\s|#|\$)]+[\s]+.*[\s]+-?(/+[^:;\s]+);*\.*$' {{ item }} |awk '{print $NF}'|sed -e 's/^-//' || true
|
|
- loop: "{{ rsyslog_config_files.results|map(attribute='stdout_lines')|list|flatten|unique + [ rsyslog_etc_config ] }}"
|
|
- register: log_files
|
|
- changed_when: False
|
|
-
|
|
-- name: "Setup log files permissions"
|
|
- ignore_errors: yes
|
|
- file:
|
|
- path: "{{ item }}"
|
|
- mode: "{{ desired_perm_mode }}"
|
|
- loop: "{{ log_files.results|map(attribute='stdout_lines')|list|flatten|unique }}"
|
|
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh
|
|
deleted file mode 100644
|
|
index e4e2ade29e..0000000000
|
|
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh
|
|
+++ /dev/null
|
|
@@ -1,92 +0,0 @@
|
|
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
|
|
-
|
|
-# List of log file paths to be inspected for correct permissions
|
|
-# * Primarily inspect log file paths listed in /etc/rsyslog.conf
|
|
-RSYSLOG_ETC_CONFIG="/etc/rsyslog.conf"
|
|
-# * And also the log file paths listed after rsyslog's $IncludeConfig directive
|
|
-# (store the result into array for the case there's shell glob used as value of IncludeConfig)
|
|
-readarray -t OLD_INC < <(grep -e "\$IncludeConfig[[:space:]]\+[^[:space:];]\+" /etc/rsyslog.conf | cut -d ' ' -f 2)
|
|
-readarray -t RSYSLOG_INCLUDE_CONFIG < <(for INCPATH in "${OLD_INC[@]}"; do eval printf '%s\\n' "${INCPATH}"; done)
|
|
-readarray -t NEW_INC < <(awk '/)/{f=0} /include\(/{f=1} f{nf=gensub("^(include\\(|\\s*)file=\"(\\S+)\".*","\\2",1); if($0!=nf){print nf}}' /etc/rsyslog.conf)
|
|
-readarray -t RSYSLOG_INCLUDE < <(for INCPATH in "${NEW_INC[@]}"; do eval printf '%s\\n' "${INCPATH}"; done)
|
|
-
|
|
-# Declare an array to hold the final list of different log file paths
|
|
-declare -a LOG_FILE_PATHS
|
|
-
|
|
-# Array to hold all rsyslog config entries
|
|
-RSYSLOG_CONFIGS=()
|
|
-RSYSLOG_CONFIGS=("${RSYSLOG_ETC_CONFIG}" "${RSYSLOG_INCLUDE_CONFIG[@]}" "${RSYSLOG_INCLUDE[@]}")
|
|
-
|
|
-# Get full list of files to be checked
|
|
-# RSYSLOG_CONFIGS may contain globs such as
|
|
-# /etc/rsyslog.d/*.conf /etc/rsyslog.d/*.frule
|
|
-# So, loop over the entries in RSYSLOG_CONFIGS and use find to get the list of included files.
|
|
-RSYSLOG_CONFIG_FILES=()
|
|
-for ENTRY in "${RSYSLOG_CONFIGS[@]}"
|
|
-do
|
|
- # If directory, rsyslog will search for config files in recursively.
|
|
- # However, files in hidden sub-directories or hidden files will be ignored.
|
|
- if [ -d "${ENTRY}" ]
|
|
- then
|
|
- readarray -t FINDOUT < <(find "${ENTRY}" -not -path '*/.*' -type f)
|
|
- RSYSLOG_CONFIG_FILES+=("${FINDOUT[@]}")
|
|
- elif [ -f "${ENTRY}" ]
|
|
- then
|
|
- RSYSLOG_CONFIG_FILES+=("${ENTRY}")
|
|
- else
|
|
- echo "Invalid include object: ${ENTRY}"
|
|
- fi
|
|
-done
|
|
-
|
|
-# Browse each file selected above as containing paths of log files
|
|
-# ('/etc/rsyslog.conf' and '/etc/rsyslog.d/*.conf' in the default configuration)
|
|
-for LOG_FILE in "${RSYSLOG_CONFIG_FILES[@]}"
|
|
-do
|
|
- # From each of these files extract just particular log file path(s), thus:
|
|
- # * Ignore lines starting with space (' '), comment ('#"), or variable syntax ('$') characters,
|
|
- # * Ignore empty lines,
|
|
- # * Strip quotes and closing brackets from paths.
|
|
- # * Ignore paths that match /dev|/etc.*\.conf, as those are paths, but likely not log files
|
|
- # * From the remaining valid rows select only fields constituting a log file path
|
|
- # Text file column is understood to represent a log file path if and only if all of the following are met:
|
|
- # * it contains at least one slash '/' character,
|
|
- # * it is preceded by space
|
|
- # * it doesn't contain space (' '), colon (':'), and semicolon (';') characters
|
|
- # Search log file for path(s) only in case it exists!
|
|
- if [[ -f "${LOG_FILE}" ]]
|
|
- then
|
|
- NORMALIZED_CONFIG_FILE_LINES=$(sed -e "/^[#|$]/d" "${LOG_FILE}")
|
|
- LINES_WITH_PATHS=$(grep '[^/]*\s\+\S*/\S\+$' <<< "${NORMALIZED_CONFIG_FILE_LINES}")
|
|
- FILTERED_PATHS=$(awk '{if(NF>=2&&($NF~/^\//||$NF~/^-\//)){sub(/^-\//,"/",$NF);print $NF}}' <<< "${LINES_WITH_PATHS}")
|
|
- CLEANED_PATHS=$(sed -e "s/[\"')]//g; /\\/etc.*\.conf/d; /\\/dev\\//d" <<< "${FILTERED_PATHS}")
|
|
- MATCHED_ITEMS=$(sed -e "/^$/d" <<< "${CLEANED_PATHS}")
|
|
- # Since above sed command might return more than one item (delimited by newline), split the particular
|
|
- # matches entries into new array specific for this log file
|
|
- readarray -t ARRAY_FOR_LOG_FILE <<< "$MATCHED_ITEMS"
|
|
- # Concatenate the two arrays - previous content of $LOG_FILE_PATHS array with
|
|
- # items from newly created array for this log file
|
|
- LOG_FILE_PATHS+=("${ARRAY_FOR_LOG_FILE[@]}")
|
|
- # Delete the temporary array
|
|
- unset ARRAY_FOR_LOG_FILE
|
|
- fi
|
|
-done
|
|
-{{% if product in ["debian10", "debian11", "ubuntu1604", "ubuntu1804", "ubuntu2004", "ubuntu2204", "sle15", "sle12"] %}}
|
|
-DESIRED_PERM_MOD=640
|
|
-{{% else %}}
|
|
-DESIRED_PERM_MOD=600
|
|
-{{% endif %}}
|
|
-# Correct the form o
|
|
-for LOG_FILE_PATH in "${LOG_FILE_PATHS[@]}"
|
|
-do
|
|
- # Sanity check - if particular $LOG_FILE_PATH is empty string, skip it from further processing
|
|
- if [ -z "$LOG_FILE_PATH" ]
|
|
- then
|
|
- continue
|
|
- fi
|
|
-
|
|
- # Also for each log file check if its permissions differ from 600. If so, correct them
|
|
- if [ -f "$LOG_FILE_PATH" ] && [ "$(/usr/bin/stat -c %a "$LOG_FILE_PATH")" -ne $DESIRED_PERM_MOD ]
|
|
- then
|
|
- /bin/chmod $DESIRED_PERM_MOD "$LOG_FILE_PATH"
|
|
- fi
|
|
-done
|
|
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/oval/shared.xml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/oval/shared.xml
|
|
deleted file mode 100644
|
|
index 559d5fb101..0000000000
|
|
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/oval/shared.xml
|
|
+++ /dev/null
|
|
@@ -1,131 +0,0 @@
|
|
-<def-group oval_version="5.11">
|
|
- <definition class="compliance" id="rsyslog_files_permissions" version="1">
|
|
- {{{ oval_metadata("File permissions for all syslog log files should be set correctly.") }}}
|
|
-
|
|
- <criteria operator="AND">
|
|
- {{% if product in ["debian10", "debian11", "ubuntu1604", "ubuntu1804"] %}}
|
|
- <extend_definition comment="rsyslog daemon is used as local logging daemon" definition_ref="package_rsyslog_installed" />
|
|
- {{% endif %}}
|
|
- <criterion comment="Check permissions of all system log files" test_ref="test_rsyslog_files_permissions" />
|
|
- </criteria>
|
|
-
|
|
- </definition>
|
|
-
|
|
- <!-- First obtain rsyslog's $IncludeConfig directive and include() object (introduced in rsyslog v8.33.0) values.
|
|
- To workaround empty include objects case, when FunctionGroup operations return "does not exist" result, added empty string match -->
|
|
- <ind:textfilecontent54_object id="object_rfp_rsyslog_include_config_value" comment="rsyslog's $IncludeConfig directive and include() object values" version="1">
|
|
- <ind:filepath>/etc/rsyslog.conf</ind:filepath>
|
|
- <ind:pattern operation="pattern match">^(?:include\([\n\s]*file="([^\s;]+)".*|\$IncludeConfig[\s]+([^\s;]+))$</ind:pattern>
|
|
- <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
|
|
- <filter action="exclude">state_permissions_ignore_hidden_paths</filter>
|
|
- </ind:textfilecontent54_object>
|
|
-
|
|
- <ind:textfilecontent54_state id="state_permissions_ignore_hidden_paths" comment="ignore hidden conf files" version="1">
|
|
- <!-- Among the paths matched in object_rfp_rsyslog_include_config_value there can be paths from
|
|
- include() or $IncludeConfig that point to hidden dirs or files.
|
|
- Rsyslog ignores these conf files, so we should ignore them too.
|
|
- -->
|
|
- <ind:subexpression operation="pattern match">^.*\/\..*$</ind:subexpression>
|
|
- </ind:textfilecontent54_state>
|
|
-
|
|
- <!-- Turn that glob value into Perl's regex so it can be used as filepath pattern below -->
|
|
- <local_variable id="var_rfp_include_config_regex" datatype="string" version="1" comment="$IncludeConfig value converted to regex">
|
|
- <unique>
|
|
- <glob_to_regex>
|
|
- <object_component item_field="subexpression" object_ref="object_rfp_rsyslog_include_config_value" />
|
|
- </glob_to_regex>
|
|
- </unique>
|
|
- </local_variable>
|
|
-
|
|
- <!-- Create a variable_object from the regex variable
|
|
- If the variable has no values, there won't be any objects -->
|
|
- <ind:variable_object id="object_var_rfp_include_config_regex" comment="Make variable object from regex variable" version="1">
|
|
- <ind:var_ref>var_rfp_include_config_regex</ind:var_ref>
|
|
- </ind:variable_object>
|
|
-
|
|
- <local_variable id="var_rfp_syslog_config" datatype="string" version="1" comment="Locations of all rsyslog configuration files as collection">
|
|
- <literal_component datatype="string">^/etc/rsyslog.conf$</literal_component>
|
|
- </local_variable>
|
|
-
|
|
- <ind:variable_object id="object_var_rfp_syslog_config" comment="Make variable object for use" version="1">
|
|
- <ind:var_ref>var_rfp_syslog_config</ind:var_ref>
|
|
- </ind:variable_object>
|
|
-
|
|
- <!-- Combine the two variable_objects into one variable_object
|
|
- We do it this way to avoid referencing an empty variable in a state comparison, which
|
|
- will cause a test to evaluate to fail. Combining an empty set of objects is fine though -->
|
|
- <ind:variable_object id="object_var_rfp_all_log_files" comment="Filter out empty string" version="1">
|
|
- <set>
|
|
- <object_reference>object_var_rfp_include_config_regex</object_reference>
|
|
- <object_reference>object_var_rfp_syslog_config</object_reference>
|
|
- </set>
|
|
- </ind:variable_object>
|
|
-
|
|
- <!-- In element filepath of object_rfg_log_files_paths we need to pass a list of values,
|
|
- a list of objects won't do. So we make a local_variable from the variable_objects. -->
|
|
- <local_variable id="var_rfp_all_log_files" datatype="string" version="1" comment="Locations of all rsyslog configuration files as collection">
|
|
- <object_component object_ref="object_var_rfp_all_log_files" item_field="value"/>
|
|
- </local_variable>
|
|
-
|
|
- <!-- For each item from that collection (particular rsyslog's configuration file path) search
|
|
- that rsyslog's configuration file to select file paths for log files directives
|
|
- -->
|
|
- <ind:textfilecontent54_object id="object_rfp_log_files_paths" comment="All rsyslog configuration files" version="1">
|
|
- <ind:filepath operation="pattern match" var_ref="var_rfp_all_log_files" var_check="at least one" />
|
|
- <!-- Chunk of text retrieved from rsyslog's configuration file is considered
|
|
- to constitute a log file path if all of the following conditions are met:
|
|
- * the string represents a regular file on particular file system
|
|
- (verified via corresponding file_state below),
|
|
- * the chunk of text is in the last column in the row,
|
|
- (possibly suffixed by ';' character and rsyslog Template name),
|
|
- * contains at least one slash '/' character, and simultaneously
|
|
- doesn't contain any of ';', ':' and space characters,
|
|
- * the chunk was retrieved from a row not starting with space, '#',
|
|
- or '$' characters
|
|
- -->
|
|
- <ind:pattern operation="pattern match">^[^(\s|#|\$)]+[\s]+.*[\s]+-?(/+[^:;\s]+);*\.*$</ind:pattern>
|
|
- <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
|
|
- <filter action="exclude">state_permissions_ignore_include_paths</filter>
|
|
- </ind:textfilecontent54_object>
|
|
-
|
|
- <ind:textfilecontent54_state id="state_permissions_ignore_include_paths" comment="ignore" version="1">
|
|
- <!-- Among the paths matched in object_rfp_log_files_paths there can be paths from
|
|
- include() or $IncludeConfig statements.
|
|
- These paths are conf files, not log files. Their permissions don't need to be as
|
|
- required for log files, thus, lets exclude them from the list of objects found
|
|
- -->
|
|
- <ind:text operation="pattern match">(?:file="[^\s;]+"|\$IncludeConfig[\s]+[^\s;]+|\/dev\/.*)</ind:text>
|
|
- </ind:textfilecontent54_state>
|
|
-
|
|
- <!-- Define OVAL variable to hold all the various system log files locations
|
|
- retrieved from the different rsyslog configuration files
|
|
- -->
|
|
- <local_variable id="var_rfp_log_files_paths" datatype="string" version="1" comment="File paths of all rsyslog configuration files">
|
|
- <object_component item_field="subexpression" object_ref="object_rfp_log_files_paths" />
|
|
- </local_variable>
|
|
-
|
|
- <!-- Perform the test if all rsyslog system log files have correct permissions -->
|
|
- <unix:file_test check="all" check_existence="all_exist" id="test_rsyslog_files_permissions" version="1" comment="Permissions of system log files are correct">
|
|
- <unix:object object_ref="object_rsyslog_files_permissions" />
|
|
- <unix:state state_ref="state_rsyslog_files_permissions" />
|
|
- </unix:file_test>
|
|
-
|
|
- <unix:file_object id="object_rsyslog_files_permissions" comment="Various system log files" version="1">
|
|
- <unix:filepath datatype="string" var_ref="var_rfp_log_files_paths" var_check="at least one" />
|
|
- </unix:file_object>
|
|
-
|
|
- <unix:file_state id="state_rsyslog_files_permissions" version="1">
|
|
- <unix:type operation="equals">regular</unix:type>
|
|
- <unix:uexec datatype="boolean">false</unix:uexec>
|
|
- {{% if product in ["debian10", "debian11", "ubuntu1604", "ubuntu1804", "ubuntu2004", "ubuntu2204", "sle15", "sle12"] %}}
|
|
- <unix:gread datatype="boolean">true</unix:gread>
|
|
- {{% else %}}
|
|
- <unix:gread datatype="boolean">false</unix:gread>
|
|
- {{% endif %}}
|
|
- <unix:gwrite datatype="boolean">false</unix:gwrite>
|
|
- <unix:gexec datatype="boolean">false</unix:gexec>
|
|
- <unix:oread datatype="boolean">false</unix:oread>
|
|
- <unix:owrite datatype="boolean">false</unix:owrite>
|
|
- <unix:oexec datatype="boolean">false</unix:oexec>
|
|
- </unix:file_state>
|
|
-</def-group>
|
|
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/rule.yml
|
|
index 508ff73cde..042c35362d 100644
|
|
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/rule.yml
|
|
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/rule.yml
|
|
@@ -1,18 +1,24 @@
|
|
+{{%- if product in ["debian10", "debian11", "ubuntu1604", "ubuntu1804", "ubuntu2004", "ubuntu2204", "sle15", "sle12"] %}}
|
|
+ {{%- set rsyslog_perm='640' %}}
|
|
+{{%- else %}}
|
|
+ {{%- set rsyslog_perm='600' %}}
|
|
+{{%- endif %}}
|
|
+
|
|
documentation_complete: true
|
|
|
|
title: 'Ensure System Log Files Have Correct Permissions'
|
|
|
|
description: |-
|
|
The file permissions for all log files written by <tt>rsyslog</tt> should
|
|
- be set to 600, or more restrictive. These log files are determined by the
|
|
+ be set to {{{ rsyslog_perm }}}, or more restrictive. These log files are determined by the
|
|
second part of each Rule line in <tt>/etc/rsyslog.conf</tt> and typically
|
|
all appear in <tt>/var/log</tt>. For each log file <i>LOGFILE</i>
|
|
referenced in <tt>/etc/rsyslog.conf</tt>, run the following command to
|
|
inspect the file's permissions:
|
|
<pre>$ ls -l <i>LOGFILE</i></pre>
|
|
- If the permissions are not 600 or more restrictive, run the following
|
|
+ If the permissions are not {{{ rsyslog_perm }}} or more restrictive, run the following
|
|
command to correct this:
|
|
- <pre>$ sudo chmod 0600 <i>LOGFILE</i></pre>"
|
|
+ <pre>$ sudo chmod {{{ rsyslog_perm }}} <i>LOGFILE</i></pre>"
|
|
|
|
rationale: |-
|
|
Log files can contain valuable information regarding system
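Review bot: The rewritten `chmod` line at the end of `description` still carries the stray `"` after `</pre>` from the old text, so the quote ends up in the rendered rule description. Since the line is being changed anyway, it should read `<pre>$ sudo chmod {{{ rsyslog_perm }}} <i>LOGFILE</i></pre>`. The same line now renders the mode as three digits (`600`/`640`), while the removed text and the template `value` use the four-digit form (`0600`/`0640`). Using one form in both places would keep the written guidance and the enforced value visibly the same.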
|
|
@@ -46,9 +52,23 @@ ocil_clause: 'the permissions are not correct'
|
|
|
|
ocil: |-
|
|
The file permissions for all log files written by <tt>rsyslog</tt> should
|
|
- be set to 600, or more restrictive. These log files are determined by the
|
|
+ be set to {{{ rsyslog_perm }}}, or more restrictive. These log files are determined by the
|
|
second part of each Rule line in <tt>/etc/rsyslog.conf</tt> and typically
|
|
all appear in <tt>/var/log</tt>. To see the permissions of a given log
|
|
file, run the following command:
|
|
<pre>$ ls -l <i>LOGFILE</i></pre>
|
|
- The permissions should be 600, or more restrictive.
|
|
+ The permissions should be {{{ rsyslog_perm }}}, or more restrictive.
|
|
+
|
|
+template:
|
|
+ name: rsyslog_logfiles_attributes_modify
|
|
+ vars:
|
|
+ attribute: permissions
|
|
+ value: '0600'
|
|
+ value@debian10: '0640'
|
|
+ value@debian11: '0640'
|
|
+ value@sle12: '0640'
|
|
+ value@sle15: '0640'
|
|
+ value@ubuntu1604: '0640'
|
|
+ value@ubuntu1804: '0640'
|
|
+ value@ubuntu2004: '0640'
|
|
+ value@ubuntu2204: '0640'
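Review bot: The `value@<product>` overrides added under `template.vars` repeat the product list that the new `{{%- if product in [...] %}}` block at the top of the file uses to set `rsyslog_perm`, so the mode is now encoded twice. The two lists agree today, but a product added to only one of them would make the description and OCIL text state one mode while the check and remediation apply another. For a log-file permission rule that means either a looser mode than documented or a false finding. A comment above `template:` such as `# value@<product> entries must match the product list that sets rsyslog_perm at the top of this file` would make the coupling explicit. Deriving the text from the same source would be better if the template mechanism allows it, which is not visible in this hunk.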
|
|
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_glob_perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_glob_perms_0600.pass.sh
|
|
deleted file mode 100755
|
|
index c27e7874d9..0000000000
|
|
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_glob_perms_0600.pass.sh
|
|
+++ /dev/null
|
|
@@ -1,40 +0,0 @@
|
|
-#!/bin/bash
|
|
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
|
|
-
|
|
-# Check rsyslog.conf with log file permissions 0600 from rules and
|
|
-# log file permissions 0600 from $IncludeConfig passes.
|
|
-# test $IncludeConfig with wildcard (*.conf)
|
|
-
|
|
-source $SHARED/rsyslog_log_utils.sh
|
|
-
|
|
-PERMS=0600
|
|
-
|
|
-# setup test data
|
|
-create_rsyslog_test_logs 2
|
|
-
|
|
-# setup test log files and permissions
|
|
-chmod $PERMS ${RSYSLOG_TEST_LOGS[0]}
|
|
-chmod $PERMS ${RSYSLOG_TEST_LOGS[1]}
|
|
-
|
|
-# create test configuration file
|
|
-test_conf=${RSYSLOG_TEST_DIR}/test1.conf
|
|
-cat << EOF > ${test_conf}
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[1]}
|
|
-EOF
|
|
-
|
|
-# create rsyslog.conf configuration file
|
|
-cat << EOF > $RSYSLOG_CONF
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
-
|
|
-#### MODULES ####
|
|
-
|
|
-\$IncludeConfig ${RSYSLOG_TEST_DIR}/*.conf
|
|
-EOF
|
|
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_glob_perms_0601.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_glob_perms_0601.fail.sh
|
|
deleted file mode 100755
|
|
index 124b5e863e..0000000000
|
|
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_glob_perms_0601.fail.sh
|
|
+++ /dev/null
|
|
@@ -1,41 +0,0 @@
|
|
-#!/bin/bash
|
|
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
|
|
-
|
|
-# Check rsyslog.conf with log file permissions 0600 from rules and
|
|
-# log file permissions 0601 from $IncludeConfig fails.
|
|
-# test $IncludeConfig with wildcard (*.conf)
|
|
-
|
|
-source $SHARED/rsyslog_log_utils.sh
|
|
-
|
|
-PERMS_PASS=0600
|
|
-PERMS_FAIL=0601
|
|
-
|
|
-# setup test data
|
|
-create_rsyslog_test_logs 2
|
|
-
|
|
-# setup test log files and permissions
|
|
-chmod $PERMS_PASS ${RSYSLOG_TEST_LOGS[0]}
|
|
-chmod $PERMS_FAIL ${RSYSLOG_TEST_LOGS[1]}
|
|
-
|
|
-# create test configuration file
|
|
-test_conf=${RSYSLOG_TEST_DIR}/test1.conf
|
|
-cat << EOF > ${test_conf}
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[1]}
|
|
-EOF
|
|
-
|
|
-# create rsyslog.conf configuration file
|
|
-cat << EOF > $RSYSLOG_CONF
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
-
|
|
-#### MODULES ####
|
|
-
|
|
-\$IncludeConfig ${RSYSLOG_TEST_DIR}/*.conf
|
|
-EOF
|
|
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0600.pass.sh
|
|
deleted file mode 100755
|
|
index a6ff6a1109..0000000000
|
|
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0600.pass.sh
|
|
+++ /dev/null
|
|
@@ -1,39 +0,0 @@
|
|
-#!/bin/bash
|
|
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
|
|
-
|
|
-# Check rsyslog.conf with log file permissions 0600 from rules and
|
|
-# log file permissions 0600 from $IncludeConfig passes.
|
|
-
|
|
-source $SHARED/rsyslog_log_utils.sh
|
|
-
|
|
-PERMS=0600
|
|
-
|
|
-# setup test data
|
|
-create_rsyslog_test_logs 2
|
|
-
|
|
-# setup test log files and permissions
|
|
-chmod $PERMS ${RSYSLOG_TEST_LOGS[0]}
|
|
-chmod $PERMS ${RSYSLOG_TEST_LOGS[1]}
|
|
-
|
|
-# create test configuration file
|
|
-test_conf=${RSYSLOG_TEST_DIR}/test1.conf
|
|
-cat << EOF > ${test_conf}
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[1]}
|
|
-EOF
|
|
-
|
|
-# create rsyslog.conf configuration file
|
|
-cat << EOF > $RSYSLOG_CONF
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
-
|
|
-#### MODULES ####
|
|
-
|
|
-\$IncludeConfig ${test_conf}
|
|
-EOF
|
|
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0601.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0601.fail.sh
|
|
deleted file mode 100755
|
|
index 2ae5c89a4e..0000000000
|
|
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0601.fail.sh
|
|
+++ /dev/null
|
|
@@ -1,40 +0,0 @@
|
|
-#!/bin/bash
|
|
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
|
|
-
|
|
-# Check rsyslog.conf with log file permissions 0600 from rules and
|
|
-# log file permissions 0601 from $IncludeConfig fails.
|
|
-
|
|
-source $SHARED/rsyslog_log_utils.sh
|
|
-
|
|
-PERMS_PASS=0600
|
|
-PERMS_FAIL=0601
|
|
-
|
|
-# setup test data
|
|
-create_rsyslog_test_logs 2
|
|
-
|
|
-# setup test log files and permissions
|
|
-chmod $PERMS_PASS ${RSYSLOG_TEST_LOGS[0]}
|
|
-chmod $PERMS_FAIL ${RSYSLOG_TEST_LOGS[1]}
|
|
-
|
|
-# create test configuration file
|
|
-test_conf=${RSYSLOG_TEST_DIR}/test1.conf
|
|
-cat << EOF > ${test_conf}
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[1]}
|
|
-EOF
|
|
-
|
|
-# create rsyslog.conf configuration file
|
|
-cat << EOF > $RSYSLOG_CONF
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
-
|
|
-#### MODULES ####
|
|
-
|
|
-\$IncludeConfig ${test_conf}
|
|
-EOF
|
|
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_config_syntax_perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_config_syntax_perms_0600.pass.sh
|
|
deleted file mode 100755
|
|
index a5a2f67fad..0000000000
|
|
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_config_syntax_perms_0600.pass.sh
|
|
+++ /dev/null
|
|
@@ -1,85 +0,0 @@
|
|
-#!/bin/bash
|
|
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
|
|
-
|
|
-# Check rsyslog.conf with log file permissions 0600 from rules and
|
|
-# log file permissions 0600 from $IncludeConfig passes.
|
|
-
|
|
-source $SHARED/rsyslog_log_utils.sh
|
|
-
|
|
-PERMS=0600
|
|
-
|
|
-# setup test data
|
|
-create_rsyslog_test_logs 5
|
|
-
|
|
-# setup test log files and permissions
|
|
-chmod $PERMS ${RSYSLOG_TEST_LOGS[0]}
|
|
-chmod $PERMS ${RSYSLOG_TEST_LOGS[1]}
|
|
-chmod $PERMS ${RSYSLOG_TEST_LOGS[2]}
|
|
-chmod $PERMS ${RSYSLOG_TEST_LOGS[3]}
|
|
-chmod $PERMS ${RSYSLOG_TEST_LOGS[4]}
|
|
-
|
|
-# create test configuration files
|
|
-conf_subdir=${RSYSLOG_TEST_DIR}/subdir
|
|
-conf_hiddir=${RSYSLOG_TEST_DIR}/.hiddir
|
|
-mkdir ${conf_subdir}
|
|
-mkdir ${conf_hiddir}
|
|
-
|
|
-test_conf_in_subdir=${conf_subdir}/in_subdir.conf
|
|
-test_conf_name_bak=${RSYSLOG_TEST_DIR}/name.bak
|
|
-
|
|
-test_conf_in_hiddir=${conf_hiddir}/in_hiddir.conf
|
|
-test_conf_dot_name=${RSYSLOG_TEST_DIR}/.name.conf
|
|
-
|
|
-cat << EOF > ${test_conf_in_subdir}
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[1]}
|
|
-EOF
|
|
-
|
|
-cat << EOF > ${test_conf_name_bak}
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[2]}
|
|
-EOF
|
|
-
|
|
-cat << EOF > ${test_conf_in_hiddir}
|
|
-# rsyslog configuration file
|
|
-# not used
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[3]}
|
|
-EOF
|
|
-
|
|
-cat << EOF > ${test_conf_dot_name}
|
|
-# rsyslog configuration file
|
|
-# not used
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[4]}
|
|
-EOF
|
|
-
|
|
-# create rsyslog.conf configuration file
|
|
-cat << EOF > $RSYSLOG_CONF
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
-
|
|
-#### MODULES ####
|
|
-
|
|
-include(file="${RSYSLOG_TEST_DIR}/*/*.conf" mode="optional")
|
|
-include(file="${RSYSLOG_TEST_DIR}/*.conf" mode="optional")
|
|
-include(file="${RSYSLOG_TEST_DIR}" mode="optional")
|
|
-
|
|
-\$IncludeConfig ${RSYSLOG_TEST_DIR}/*/*.conf
|
|
-\$IncludeConfig ${RSYSLOG_TEST_DIR}/*.conf
|
|
-\$IncludeConfig ${RSYSLOG_TEST_DIR}
|
|
-
|
|
-EOF
|
|
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_config_syntax_perms_0601.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_config_syntax_perms_0601.fail.sh
|
|
deleted file mode 100755
|
|
index fe4db0a3c9..0000000000
|
|
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_config_syntax_perms_0601.fail.sh
|
|
+++ /dev/null
|
|
@@ -1,86 +0,0 @@
|
|
-#!/bin/bash
|
|
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
|
|
-
|
|
-# Check rsyslog.conf with log file permissions 0600 from rules and
|
|
-# log file permissions 0601 from $IncludeConfig fails.
|
|
-
|
|
-source $SHARED/rsyslog_log_utils.sh
|
|
-
|
|
-PERMS_PASS=0600
|
|
-PERMS_FAIL=0601
|
|
-
|
|
-# setup test data
|
|
-create_rsyslog_test_logs 5
|
|
-
|
|
-# setup test log files and permissions
|
|
-chmod $PERMS_PASS ${RSYSLOG_TEST_LOGS[0]}
|
|
-chmod $PERMS_FAIL ${RSYSLOG_TEST_LOGS[1]}
|
|
-chmod $PERMS_FAIL ${RSYSLOG_TEST_LOGS[2]}
|
|
-chmod $PERMS_FAIL ${RSYSLOG_TEST_LOGS[3]}
|
|
-chmod $PERMS_FAIL ${RSYSLOG_TEST_LOGS[4]}
|
|
-
|
|
-# create test configuration files
|
|
-conf_subdir=${RSYSLOG_TEST_DIR}/subdir
|
|
-conf_hiddir=${RSYSLOG_TEST_DIR}/.hiddir
|
|
-mkdir ${conf_subdir}
|
|
-mkdir ${conf_hiddir}
|
|
-
|
|
-test_conf_in_subdir=${conf_subdir}/in_subdir.conf
|
|
-test_conf_name_bak=${RSYSLOG_TEST_DIR}/name.bak
|
|
-
|
|
-test_conf_in_hiddir=${conf_hiddir}/in_hiddir.conf
|
|
-test_conf_dot_name=${RSYSLOG_TEST_DIR}/.name.conf
|
|
-
|
|
-cat << EOF > ${test_conf_in_subdir}
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[1]}
|
|
-EOF
|
|
-
|
|
-cat << EOF > ${test_conf_name_bak}
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[2]}
|
|
-EOF
|
|
-
|
|
-cat << EOF > ${test_conf_in_hiddir}
|
|
-# rsyslog configuration file
|
|
-# not used
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[3]}
|
|
-EOF
|
|
-
|
|
-cat << EOF > ${test_conf_dot_name}
|
|
-# rsyslog configuration file
|
|
-# not used
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[4]}
|
|
-EOF
|
|
-
|
|
-# create rsyslog.conf configuration file
|
|
-cat << EOF > $RSYSLOG_CONF
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
-
|
|
-#### MODULES ####
|
|
-
|
|
-include(file="${RSYSLOG_TEST_DIR}/*/*.conf" mode="optional")
|
|
-include(file="${RSYSLOG_TEST_DIR}/*.conf" mode="optional")
|
|
-include(file="${RSYSLOG_TEST_DIR}" mode="optional")
|
|
-
|
|
-\$IncludeConfig ${RSYSLOG_TEST_DIR}/*/*.conf
|
|
-\$IncludeConfig ${RSYSLOG_TEST_DIR}/*.conf
|
|
-\$IncludeConfig ${RSYSLOG_TEST_DIR}
|
|
-
|
|
-EOF
|
|
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_multiline_perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_multiline_perms_0600.pass.sh
|
|
deleted file mode 100755
|
|
index eabcb21956..0000000000
|
|
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_multiline_perms_0600.pass.sh
|
|
+++ /dev/null
|
|
@@ -1,41 +0,0 @@
|
|
-#!/bin/bash
|
|
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
|
|
-
|
|
-# Check rsyslog.conf with log file permissions 0600 from rules and
|
|
-# log file permissions 0600 from multiline include() passes.
|
|
-
|
|
-source $SHARED/rsyslog_log_utils.sh
|
|
-
|
|
-PERMS=0600
|
|
-
|
|
-# setup test data
|
|
-create_rsyslog_test_logs 2
|
|
-
|
|
-# setup test log files and permissions
|
|
-chmod $PERMS ${RSYSLOG_TEST_LOGS[0]}
|
|
-chmod $PERMS ${RSYSLOG_TEST_LOGS[1]}
|
|
-
|
|
-# create test configuration file
|
|
-test_conf=${RSYSLOG_TEST_DIR}/test1.conf
|
|
-cat << EOF > ${test_conf}
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[1]}
|
|
-EOF
|
|
-
|
|
-# create rsyslog.conf configuration file
|
|
-cat << EOF > $RSYSLOG_CONF
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
-
|
|
-#### MODULES ####
|
|
-
|
|
-include(
|
|
- file="${test_conf}"
|
|
-)
|
|
-EOF
|
|
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600.pass.sh
|
|
deleted file mode 100755
|
|
index 32cd4c334a..0000000000
|
|
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600.pass.sh
|
|
+++ /dev/null
|
|
@@ -1,39 +0,0 @@
|
|
-#!/bin/bash
|
|
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
|
|
-
|
|
-# Check rsyslog.conf with log file permissions 0600 from rules and
|
|
-# log file permissions 0600 from include() passes.
|
|
-
|
|
-source $SHARED/rsyslog_log_utils.sh
|
|
-
|
|
-PERMS=0600
|
|
-
|
|
-# setup test data
|
|
-create_rsyslog_test_logs 2
|
|
-
|
|
-# setup test log files and permissions
|
|
-chmod $PERMS ${RSYSLOG_TEST_LOGS[0]}
|
|
-chmod $PERMS ${RSYSLOG_TEST_LOGS[1]}
|
|
-
|
|
-# create test configuration file
|
|
-test_conf=${RSYSLOG_TEST_DIR}/test1.conf
|
|
-cat << EOF > ${test_conf}
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[1]}
|
|
-EOF
|
|
-
|
|
-# create rsyslog.conf configuration file
|
|
-cat << EOF > $RSYSLOG_CONF
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
-
|
|
-#### MODULES ####
|
|
-
|
|
-include(file="${test_conf}")
|
|
-EOF
|
|
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0600.pass.sh
|
|
deleted file mode 100755
|
|
index 357d4f9718..0000000000
|
|
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0600.pass.sh
|
|
+++ /dev/null
|
|
@@ -1,52 +0,0 @@
|
|
-#!/bin/bash
|
|
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8
|
|
-
|
|
-# Check rsyslog.conf with log file permisssions 0600 from rules and
|
|
-# log file permissions 0600 from include() passes.
|
|
-
|
|
-source $SHARED/rsyslog_log_utils.sh
|
|
-
|
|
-PERMS_PASS=0600
|
|
-
|
|
-# setup test data
|
|
-create_rsyslog_test_logs 3
|
|
-
|
|
-# setup test log files and permissions
|
|
-chmod $PERMS_PASS ${RSYSLOG_TEST_LOGS[0]}
|
|
-chmod $PERMS_PASS ${RSYSLOG_TEST_LOGS[1]}
|
|
-chmod $PERMS_PASS ${RSYSLOG_TEST_LOGS[2]}
|
|
-
|
|
-# create test configuration file
|
|
-test_conf=${RSYSLOG_TEST_DIR}/test1.conf
|
|
-cat << EOF > ${test_conf}
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[1]}
|
|
-EOF
|
|
-
|
|
-# create test2 configuration file
|
|
-test_conf2=${RSYSLOG_TEST_DIR}/test2.conf
|
|
-cat << EOF > ${test_conf2}
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[2]}
|
|
-EOF
|
|
-
|
|
-# create rsyslog.conf configuration file
|
|
-cat << EOF > $RSYSLOG_CONF
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
-
|
|
-#### MODULES ####
|
|
-
|
|
-include(file="${test_conf}")
|
|
-
|
|
-\$IncludeConfig ${test_conf2}
|
|
-EOF
|
|
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601.fail.sh
|
|
deleted file mode 100755
|
|
index 7bdb830c00..0000000000
|
|
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601.fail.sh
|
|
+++ /dev/null
|
|
@@ -1,53 +0,0 @@
|
|
-#!/bin/bash
|
|
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8
|
|
-
|
|
-# Check rsyslog.conf with log file permisssions 0600 from rules and
|
|
-# log file permissions 0601 from include() fails.
|
|
-
|
|
-source $SHARED/rsyslog_log_utils.sh
|
|
-
|
|
-PERMS_PASS=0600
|
|
-PERMS_FAIL=0601
|
|
-
|
|
-# setup test data
|
|
-create_rsyslog_test_logs 3
|
|
-
|
|
-# setup test log files and permissions
|
|
-chmod $PERMS_PASS ${RSYSLOG_TEST_LOGS[0]}
|
|
-chmod $PERMS_PASS ${RSYSLOG_TEST_LOGS[1]}
|
|
-chmod $PERMS_FAIL ${RSYSLOG_TEST_LOGS[2]}
|
|
-
|
|
-# create test configuration file
|
|
-test_conf=${RSYSLOG_TEST_DIR}/test1.conf
|
|
-cat << EOF > ${test_conf}
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[1]}
|
|
-EOF
|
|
-
|
|
-# create test2 configuration file
|
|
-test_conf2=${RSYSLOG_TEST_DIR}/test2.conf
|
|
-cat << EOF > ${test_conf2}
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[2]}
|
|
-EOF
|
|
-
|
|
-# create rsyslog.conf configuration file
|
|
-cat << EOF > $RSYSLOG_CONF
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
-
|
|
-#### MODULES ####
|
|
-
|
|
-include(file="${test_conf}")
|
|
-
|
|
-\$IncludeConfig ${test_conf2}
|
|
-EOF
|
|
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601_hidden.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601_hidden.pass.sh
|
|
deleted file mode 100644
|
|
index 9b0185c6b2..0000000000
|
|
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601_hidden.pass.sh
|
|
+++ /dev/null
|
|
@@ -1,53 +0,0 @@
|
|
-#!/bin/bash
|
|
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8
|
|
-
|
|
-# Check rsyslog.conf with log file permisssions 0600 from rules and
|
|
-# log file permissions 0601 from include() fails.
|
|
-
|
|
-source $SHARED/rsyslog_log_utils.sh
|
|
-
|
|
-PERMS_PASS=0600
|
|
-PERMS_FAIL=0601
|
|
-
|
|
-# setup test data
|
|
-create_rsyslog_test_logs 3
|
|
-
|
|
-# setup test log files and permissions
|
|
-chmod $PERMS_PASS ${RSYSLOG_TEST_LOGS[0]}
|
|
-chmod $PERMS_PASS ${RSYSLOG_TEST_LOGS[1]}
|
|
-chmod $PERMS_FAIL ${RSYSLOG_TEST_LOGS[2]}
|
|
-
|
|
-# create test configuration file
|
|
-test_conf=${RSYSLOG_TEST_DIR}/test1.conf
|
|
-cat << EOF > ${test_conf}
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[1]}
|
|
-EOF
|
|
-
|
|
-# create hidden test2 configuration file
|
|
-test_conf2=${RSYSLOG_TEST_DIR}/.test2.conf
|
|
-cat << EOF > ${test_conf2}
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[2]}
|
|
-EOF
|
|
-
|
|
-# create rsyslog.conf configuration file
|
|
-cat << EOF > $RSYSLOG_CONF
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
-
|
|
-#### MODULES ####
|
|
-
|
|
-include(file="${test_conf}")
|
|
-
|
|
-\$IncludeConfig ${test_conf2}
|
|
-EOF
|
|
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601_missing.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601_missing.pass.sh
|
|
deleted file mode 100644
|
|
index b929f2a94a..0000000000
|
|
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601_missing.pass.sh
|
|
+++ /dev/null
|
|
@@ -1,45 +0,0 @@
|
|
-#!/bin/bash
|
|
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8
|
|
-
|
|
-# Check rsyslog.conf with log file permisssions 0600 from rules and
|
|
-# log file permissions 0601 from include() fails.
|
|
-
|
|
-source $SHARED/rsyslog_log_utils.sh
|
|
-
|
|
-PERMS_PASS=0600
|
|
-PERMS_FAIL=0601
|
|
-
|
|
-# setup test data
|
|
-create_rsyslog_test_logs 3
|
|
-
|
|
-# setup test log files and permissions
|
|
-chmod $PERMS_PASS ${RSYSLOG_TEST_LOGS[0]}
|
|
-chmod $PERMS_PASS ${RSYSLOG_TEST_LOGS[1]}
|
|
-chmod $PERMS_FAIL ${RSYSLOG_TEST_LOGS[2]}
|
|
-
|
|
-# create test configuration file
|
|
-test_conf=${RSYSLOG_TEST_DIR}/test1.conf
|
|
-cat << EOF > ${test_conf}
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[1]}
|
|
-EOF
|
|
-
|
|
-# Skip creation test2 configuration file
|
|
-
|
|
-# create rsyslog.conf configuration file
|
|
-cat << EOF > $RSYSLOG_CONF
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
-
|
|
-#### MODULES ####
|
|
-
|
|
-include(file="${test_conf}")
|
|
-
|
|
-\$IncludeConfig ${test_conf2}
|
|
-EOF
|
|
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_cloudinit.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_cloudinit.pass.sh
|
|
deleted file mode 100644
|
|
index 2eb515a43e..0000000000
|
|
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_cloudinit.pass.sh
|
|
+++ /dev/null
|
|
@@ -1,23 +0,0 @@
|
|
-#!/bin/bash
|
|
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
|
|
-
|
|
-source $SHARED/rsyslog_log_utils.sh
|
|
-
|
|
-PERMS=0600
|
|
-
|
|
-# setup test data
|
|
-create_rsyslog_test_logs 2
|
|
-
|
|
-# setup test log files and permissions
|
|
-chmod $PERMS ${RSYSLOG_TEST_LOGS[@]}
|
|
-
|
|
-# create rsyslog.conf configuration file
|
|
-cat << EOF > $RSYSLOG_CONF
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
-:syslogtag, isequal, "[CLOUDINIT]" ${RSYSLOG_TEST_LOGS[1]}
|
|
-EOF
|
|
-
|
|
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0601.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0601.fail.sh
|
|
deleted file mode 100755
|
|
index fd3f9e92ec..0000000000
|
|
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0601.fail.sh
|
|
+++ /dev/null
|
|
@@ -1,41 +0,0 @@
|
|
-#!/bin/bash
|
|
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8
|
|
-
|
|
-# Check rsyslog.conf with log file permissions 0600 from rules and
|
|
-# log file permissions 0601 from include() fails.
|
|
-
|
|
-source $SHARED/rsyslog_log_utils.sh
|
|
-
|
|
-PERMS_FAIL=0601
|
|
-
|
|
-PERMS_PASS=0600
|
|
-
|
|
-# setup test data
|
|
-create_rsyslog_test_logs 2
|
|
-
|
|
-# setup test log files and permissions
|
|
-chmod $PERMS_PASS ${RSYSLOG_TEST_LOGS[0]}
|
|
-chmod $PERMS_FAIL ${RSYSLOG_TEST_LOGS[1]}
|
|
-
|
|
-# create test configuration file
|
|
-test_conf=${RSYSLOG_TEST_DIR}/test1.conf
|
|
-cat << EOF > ${test_conf}
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[1]}
|
|
-EOF
|
|
-
|
|
-# create rsyslog.conf configuration file
|
|
-cat << EOF > $RSYSLOG_CONF
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
-
|
|
-#### MODULES ####
|
|
-
|
|
-include(file="${test_conf}")
|
|
-EOF
|
|
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0601_cloudinit.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0601_cloudinit.fail.sh
|
|
deleted file mode 100644
|
|
index 7a598626d0..0000000000
|
|
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0601_cloudinit.fail.sh
|
|
+++ /dev/null
|
|
@@ -1,22 +0,0 @@
|
|
-#!/bin/bash
|
|
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
|
|
-
|
|
-source $SHARED/rsyslog_log_utils.sh
|
|
-
|
|
-# setup test data
|
|
-create_rsyslog_test_logs 2
|
|
-
|
|
-# setup test log files and permissions
|
|
-chmod 0600 ${RSYSLOG_TEST_LOGS[0]}
|
|
-chmod 0601 ${RSYSLOG_TEST_LOGS[1]}
|
|
-
|
|
-# create rsyslog.conf configuration file
|
|
-cat << EOF > $RSYSLOG_CONF
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
-:syslogtag, isequal, "[CLOUDINIT]" ${RSYSLOG_TEST_LOGS[1]}
|
|
-EOF
|
|
-
|
|
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/mixed_correct_attr_group_read.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/mixed_correct_attr_group_read.pass.sh
|
|
new file mode 100755
|
|
index 0000000000..b3846fec47
|
|
--- /dev/null
|
|
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/mixed_correct_attr_group_read.pass.sh
|
|
@@ -0,0 +1,25 @@
|
|
+#!/bin/bash
|
|
+# platform = multi_platform_sle,multi_platform_ubuntu
|
|
+
|
|
+# Declare variables used for the tests and define the create_rsyslog_test_logs function
|
|
+source $SHARED/rsyslog_log_utils.sh
|
|
+
|
|
+CHATTR="chmod"
|
|
+ATTR_VALUE="0640"
|
|
+
|
|
+# create three test log file
|
|
+create_rsyslog_test_logs 2
|
|
+
|
|
+# setup test log file property
|
|
+$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]}
|
|
+$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[1]}
|
|
+
|
|
+# add rules with both syntax for different test log files
|
|
+cat << EOF > $RSYSLOG_CONF
|
|
+# rsyslog configuration file
|
|
+
|
|
+#### RULES ####
|
|
+*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
+*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[1]}")
|
|
+
|
|
+EOF
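Review bot: The comment `# create three test log file` does not match the call below it, `create_rsyslog_test_logs 2`, which asks for two logs; it should read `# create two test log files`. The same stale comment is repeated in mixed_correct_attr_stricter.pass.sh. The variable `CHATTR` holds `chmod`, which is easy to misread as the chattr(1) utility; a name such as `FILE_CMD` would match the bash template. The path expansions are also unquoted, so `$CHATTR $ATTR_VALUE "${RSYSLOG_TEST_LOGS[0]}"` would keep the fixture correct if the test directory ever contains whitespace.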
|
|
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/mixed_correct_attr_stricter.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/mixed_correct_attr_stricter.pass.sh
|
|
new file mode 100755
|
|
index 0000000000..0b4cb5dce0
|
|
--- /dev/null
|
|
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/mixed_correct_attr_stricter.pass.sh
|
|
@@ -0,0 +1,25 @@
|
|
+#!/bin/bash
|
|
+# platform = multi_platform_all
|
|
+
|
|
+# Declare variables used for the tests and define the create_rsyslog_test_logs function
|
|
+source $SHARED/rsyslog_log_utils.sh
|
|
+
|
|
+CHATTR="chmod"
|
|
+ATTR_VALUE="0400"
|
|
+
|
|
+# create three test log file
|
|
+create_rsyslog_test_logs 2
|
|
+
|
|
+# setup test log file property
|
|
+$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]}
|
|
+$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[1]}
|
|
+
|
|
+# add rules with both syntax for different test log files
|
|
+cat << EOF > $RSYSLOG_CONF
|
|
+# rsyslog configuration file
|
|
+
|
|
+#### RULES ####
|
|
+*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
+*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[1]}")
|
|
+
|
|
+EOF
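Review bot: The fixture sets both logs to `0400`, but the omfile action still declares `FileCreateMode="0640"` and the test is marked `multi_platform_all`. It is therefore expected to pass on platforms whose required mode is presumably stricter than 0640, since the removed tests used 0600 as the passing value. If the rule is meant to evaluate only the mode of the file already on disk, say so in the fixture, for example `# FileCreateMode is looser than the on-disk mode on purpose; only the existing file's mode is evaluated`. Otherwise a file that rsyslog later creates with 0640 would not be reported, and that gap belongs in the rule description rather than being left implicit in a test.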
|
|
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0600.pass.sh
|
|
deleted file mode 100755
|
|
index fbdcd18f77..0000000000
|
|
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0600.pass.sh
|
|
+++ /dev/null
|
|
@@ -1,35 +0,0 @@
|
|
-#!/bin/bash
|
|
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
|
|
-
|
|
-# Check if log file with permissions 0600 in rsyslog.conf passes.
|
|
-
|
|
-source $SHARED/rsyslog_log_utils.sh
|
|
-
|
|
-PERMS=0600
|
|
-
|
|
-# setup test data
|
|
-create_rsyslog_test_logs 4
|
|
-
|
|
-# setup all files with incorrect permission
|
|
-chmod 0601 "${RSYSLOG_TEST_LOGS[@]}"
|
|
-
|
|
-# setup the real logfile with correct permissions
|
|
-chmod $PERMS "${RSYSLOG_TEST_LOGS[0]}"
|
|
-
|
|
-# add rule with 0600 permissions log file
|
|
-cat << EOF > $RSYSLOG_CONF
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
-
|
|
- *.* ${RSYSLOG_TEST_LOGS[1]}
|
|
-
|
|
-authpriv.* /nonexistent_file
|
|
-
|
|
-# *.* /irrelevant_file
|
|
-
|
|
-\$something /irrelevant_file
|
|
-
|
|
-EOF
|
|
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0601.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0601.fail.sh
|
|
deleted file mode 100755
|
|
index 75e9558c63..0000000000
|
|
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0601.fail.sh
|
|
+++ /dev/null
|
|
@@ -1,34 +0,0 @@
|
|
-#!/bin/bash
|
|
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
|
|
-
|
|
-# Check if log file with permissions 0601 in rsyslog.conf fails.
|
|
-
|
|
-source $SHARED/rsyslog_log_utils.sh
|
|
-
|
|
-PERMS=0601
|
|
-
|
|
-# setup test data
|
|
-create_rsyslog_test_logs 3
|
|
-
|
|
-# setup test log file and permissions
|
|
-chmod $PERMS ${RSYSLOG_TEST_LOGS[0]}
|
|
-
|
|
-# add rule with 0601 permissions log file
|
|
-cat << EOF > $RSYSLOG_CONF
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
-
|
|
-cron.* /nonexistent_file
|
|
-
|
|
- authpriv.* /irrelevant_file
|
|
-
|
|
-# *.* /irrelevant_file
|
|
-
|
|
-\$something /irrelevant_file
|
|
-
|
|
-something.* ${RSYSLOG_TEST_LOGS[2]}
|
|
-
|
|
-EOF
|
|
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/ansible.template b/shared/templates/rsyslog_logfiles_attributes_modify/ansible.template
|
|
index fc9e8844b6..81d6220415 100644
|
|
--- a/shared/templates/rsyslog_logfiles_attributes_modify/ansible.template
|
|
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/ansible.template
|
|
@@ -20,7 +20,7 @@
|
|
- name: '{{{ rule_title }}} - Get include files directives'
|
|
ansible.builtin.shell: |
|
|
set -o pipefail
|
|
- grep -oP '^\s*include\s*\(\s*file.*' {{ rsyslog_etc_config }} |cut -d"\"" -f 2 || true
|
|
+ awk '/)/{f=0} /include\(/{f=1} f{nf=gensub("^(include\\(|\\s*)file=\"(\\S+)\".*","\\2",1); if($0!=nf){print nf}}' {{ rsyslog_etc_config }} || true
|
|
register: rsyslog_new_inc
|
|
changed_when: False
|
|
|
|
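Review bot: The awk program on the added line is stricter about whitespace than the grep it replaces. `/include\(/` and the regex `^(include\\(|\\s*)file=` do not match `include (file=...)`, `include( file=...)` or an indented `include(`, all of which the old `^\s*include\s*\(\s*file` accepted. Because the command ends in `|| true`, such a directive is skipped silently and the log files it pulls in never get their attribute corrected. Allowing optional whitespace, e.g. `/include\s*\(/` and `"^\\s*(include\\s*\\(\\s*)?file=\"(\\S+)\".*"`, would keep the multiline support without that regression. `gensub` and `\s` are GNU awk extensions, so on a host where `awk` is not gawk the task would also fall through to `|| true`; `set -o pipefail` no longer has a pipeline to act on.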
@@ -61,8 +61,9 @@
|
|
- name: '{{{ rule_title }}} -Setup log files attribute'
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
- owner: '{{ ( "{{{ ATTRIBUTE }}}" is match("owner")) | ternary({{{ VALUE }}}, omit) }}'
|
|
- group: '{{ ( "{{{ ATTRIBUTE }}}" is match("groupowner")) | ternary({{{ VALUE }}} , omit) }}'
|
|
+ {{{ 'owner: ' ~ VALUE if ATTRIBUTE == "owner" }}}
|
|
+ {{{- 'group: ' ~ VALUE if ATTRIBUTE == "groupowner" }}}
|
|
+ {{{- 'mode: ' ~ VALUE if ATTRIBUTE == "permissions" }}}
|
|
state: file
|
|
loop: "{{ log_files | list | flatten | unique }}"
|
|
failed_when: false
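Review bot: The added `mode:` line emits VALUE unquoted, so the rendered task depends on how YAML reads the number. `0640` is taken as octal, but a value written without the leading zero would be read as decimal and applied as a different mode. Emitting it quoted, `{{{- 'mode: "' ~ VALUE ~ '"' if ATTRIBUTE == "permissions" }}}`, removes that dependency; which values the rule passes is not visible in this hunk. When ATTRIBUTE is none of the three names, the task renders with only `path` and `state`. With the existing `failed_when: false` below it, neither that case nor a failed mode change is reported.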
|
|
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/bash.template b/shared/templates/rsyslog_logfiles_attributes_modify/bash.template
|
|
index ab4a563dc5..d6755d5692 100644
|
|
--- a/shared/templates/rsyslog_logfiles_attributes_modify/bash.template
|
|
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/bash.template
|
|
@@ -48,7 +48,8 @@ do
|
|
# * Strip quotes and closing brackets from paths.
|
|
# * Ignore paths that match /dev|/etc.*\.conf, as those are paths, but likely not log files
|
|
# * From the remaining valid rows select only fields constituting a log file path
|
|
- # Text file column is understood to represent a log file path if and only if all of the following are met:
|
|
+ # Text file column is understood to represent a log file path if and only if all of the
|
|
+ # following are met:
|
|
# * it contains at least one slash '/' character,
|
|
# * it is preceded by space
|
|
# * it doesn't contain space (' '), colon (':'), and semicolon (';') characters
|
|
@@ -60,8 +61,8 @@ do
|
|
FILTERED_PATHS=$(awk '{if(NF>=2&&($NF~/^\//||$NF~/^-\//)){sub(/^-\//,"/",$NF);print $NF}}' <<< "${LINES_WITH_PATHS}")
|
|
CLEANED_PATHS=$(sed -e "s/[\"')]//g; /\\/etc.*\.conf/d; /\\/dev\\//d" <<< "${FILTERED_PATHS}")
|
|
MATCHED_ITEMS=$(sed -e "/^$/d" <<< "${CLEANED_PATHS}")
|
|
- # Since above sed command might return more than one item (delimited by newline), split the particular
|
|
- # matches entries into new array specific for this log file
|
|
+ # Since above sed command might return more than one item (delimited by newline), split
|
|
+ # the particular matches entries into new array specific for this log file
|
|
readarray -t ARRAY_FOR_LOG_FILE <<< "$MATCHED_ITEMS"
|
|
# Concatenate the two arrays - previous content of $LOG_FILE_PATHS array with
|
|
# items from newly created array for this log file
|
|
@@ -71,7 +72,8 @@ do
|
|
fi
|
|
done
|
|
|
|
-# Check for RainerScript action log format which might be also multiline so grep regex is a bit curly
|
|
+# Check for RainerScript action log format which might be also multiline so grep regex is a bit
|
|
+# curly:
|
|
# extract possibly multiline action omfile expressions
|
|
# extract File="logfile" expression
|
|
# match only "logfile" expression
|
|
@@ -82,22 +84,10 @@ do
|
|
LOG_FILE_PATHS+=("$(echo "${OMFILE_LINES}"| grep -oE "\"([/[:alnum:][:punct:]]*)\""|tr -d "\"")")
|
|
done
|
|
|
|
-FILE_PARAM="{{{ ATTRIBUTE }}}"
|
|
-FILE_CMD=""
|
|
-case "$FILE_PARAM" in
|
|
- "groupowner")
|
|
- FILE_CMD=$(which chgrp)
|
|
- ;;
|
|
- "owner")
|
|
- FILE_CMD=$(which chown)
|
|
- ;;
|
|
- *)
|
|
- echo -n "Not supported file attribute! "
|
|
- exit 1
|
|
- ;;
|
|
-esac
|
|
-
|
|
-# Correct the form o
|
|
+# Ensure the correct attribute if file exists
|
|
+{{{ 'FILE_CMD="chown"' if ATTRIBUTE == "owner" }}}
|
|
+{{{- 'FILE_CMD="chgrp"' if ATTRIBUTE == "groupowner" }}}
|
|
+{{{- 'FILE_CMD="chmod"' if ATTRIBUTE == "permissions" }}}
|
|
for LOG_FILE_PATH in "${LOG_FILE_PATHS[@]}"
|
|
do
|
|
# Sanity check - if particular $LOG_FILE_PATH is empty string, skip it from further processing
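Review bot: With the `case` and its `*)` branch removed, nothing stops the script when ATTRIBUTE is not one of the three handled values. None of the three expressions renders in that case, so FILE_CMD stays unset, and the `$FILE_CMD "{{{ VALUE }}}" "$LOG_FILE_PATH"` line in the next hunk would try to run the rendered VALUE as a command name. I would keep a guard after the three assignments: `[ -n "${FILE_CMD:-}" ] || { echo "Not supported file attribute!" >&2; exit 1; }`. The for loop that uses FILE_CMD continues past the end of this hunk.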
|
|
@@ -105,6 +95,5 @@ do
|
|
then
|
|
continue
|
|
fi
|
|
-
|
|
- $FILE_CMD "+{{{ VALUE }}}" "$LOG_FILE_PATH"
|
|
+ $FILE_CMD "{{{ VALUE }}}" "$LOG_FILE_PATH"
|
|
done
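Review bot: Dropping the `+` prefix is needed for chmod, but it also changes the chown and chgrp calls. GNU chown/chgrp treat `+N` as a numeric ID with no name lookup, whereas a bare number is first looked up as a user or group name. The OVAL template on this page compares VALUE as an integer ID, so the remediation should keep the numeric form for those two attributes. For example, set `ID_PREFIX="+"` next to the chown/chgrp assignments and call `$FILE_CMD "${ID_PREFIX:-}{{{ VALUE }}}" "$LOG_FILE_PATH"`. The loop body starts above this hunk.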
|
|
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/oval.template b/shared/templates/rsyslog_logfiles_attributes_modify/oval.template
|
|
index 4f288df1c9..243d678852 100644
|
|
--- a/shared/templates/rsyslog_logfiles_attributes_modify/oval.template
|
|
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/oval.template
|
|
@@ -3,59 +3,57 @@
|
|
{{{ oval_metadata("All syslog log files should have appropriate ownership.") }}}
|
|
<criteria operator="AND">
|
|
{{% if product in ["debian10", "debian11", "ubuntu1604"] %}}
|
|
- <extend_definition comment="rsyslog daemon is used as local logging daemon"
|
|
- definition_ref="package_rsyslog_installed" />
|
|
+ <extend_definition definition_ref="package_rsyslog_installed"
|
|
+ comment="rsyslog daemon is used as local logging daemon"/>
|
|
{{% endif %}}
|
|
- <criterion comment="Check if all system log files are owned by the appropriate
|
|
- {{{ ATTRIBUTE }}}" test_ref="test_{{{ _RULE_ID }}}" />
|
|
+ <criterion test_ref="test_{{{ _RULE_ID }}}"
|
|
+ comment="Check if all system log files have appropriate {{{ ATTRIBUTE }}} set"/>
|
|
</criteria>
|
|
-
|
|
</definition>
|
|
|
|
- <!-- First obtain rsyslog's $IncludeConfig directive and include() object (introduced in rsyslog
|
|
- v8.33.0) values. -->
|
|
-
|
|
- <ind:textfilecontent54_object id="object_{{{ _RULE_ID }}}_include_config_value"
|
|
- comment="rsyslog's $IncludeConfig directive and include() object values" version="1">
|
|
+ <!-- First obtain rsyslog's $IncludeConfig directive and include() object values.
|
|
+ The last was introduced in rsyslog v8.33.0). -->
|
|
+ <ind:textfilecontent54_object id="object_{{{ _RULE_ID }}}_include_config_value" version="1"
|
|
+ comment="rsyslog's $IncludeConfig and include() statements values.">
|
|
<ind:filepath>/etc/rsyslog.conf</ind:filepath>
|
|
<ind:pattern
|
|
- operation="pattern match">^(?:include\([\n\s]*file="([^\s;]+)".*|\$IncludeConfig[\s]+([^\s;]+))$</ind:pattern>
|
|
+ operation="pattern match">^(?:include\([\n\s]*file="([^\s;]+)".*|\$IncludeConfig[\s]+([^\s;]+))$</ind:pattern>
|
|
<ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
|
|
</ind:textfilecontent54_object>
|
|
|
|
<!-- Turn that glob value into Perl's regex so it can be used as filepath pattern below -->
|
|
<local_variable id="var_{{{ _RULE_ID }}}_include_config_regex" datatype="string" version="1"
|
|
- comment="$IncludeConfig value converted to regex">
|
|
+ comment="rsyslog's include config values converted to regex.">
|
|
<unique>
|
|
<glob_to_regex>
|
|
<object_component item_field="subexpression"
|
|
- object_ref="object_{{{ _RULE_ID }}}_include_config_value" />
|
|
+ object_ref="object_{{{ _RULE_ID }}}_include_config_value"/>
|
|
</glob_to_regex>
|
|
</unique>
|
|
</local_variable>
|
|
|
|
- <!-- Create a variable_object from the regex variable
|
|
- If the variable has no values, there won't be any objects -->
|
|
- <ind:variable_object id="object_var_{{{ _RULE_ID }}}_include_config_regex"
|
|
- comment="Make variable object from regex variable" version="1">
|
|
+ <!-- Create a variable_object from the regex variable.
|
|
+ If the variable has no values, there won't be any objects. -->
|
|
+ <ind:variable_object id="object_var_{{{ _RULE_ID }}}_include_config_regex" version="1"
|
|
+ comment="Make variable object from regex variable.">
|
|
<ind:var_ref>var_{{{ _RULE_ID }}}_include_config_regex</ind:var_ref>
|
|
</ind:variable_object>
|
|
|
|
- <local_variable id="var_{{{ _RULE_ID }}}_syslog_config" datatype="string"
|
|
- version="1" comment="Locations of all rsyslog configuration files as collection">
|
|
+ <local_variable id="var_{{{ _RULE_ID }}}_syslog_config" datatype="string" version="1"
|
|
+ comment="Main rsyslog configuration file.">
|
|
<literal_component datatype="string">^/etc/rsyslog.conf$</literal_component>
|
|
</local_variable>
|
|
|
|
- <ind:variable_object id="object_var_{{{ _RULE_ID }}}_syslog_config"
|
|
- comment="Make variable object for use" version="1">
|
|
+ <ind:variable_object id="object_var_{{{ _RULE_ID }}}_syslog_config" version="1"
|
|
+ comment="Make variable object from local variable.">
|
|
<ind:var_ref>var_{{{ _RULE_ID }}}_syslog_config</ind:var_ref>
|
|
</ind:variable_object>
|
|
|
|
- <!-- Combine the two variable_objects into one variable_object
|
|
- We do it this way to avoid referencing an empty variable in a state comparison, which
|
|
- will cause a test to evaluate to fail. Combining an empty set of objects is fine though -->
|
|
- <ind:variable_object id="object_var_{{{ _RULE_ID }}}_all_log_files"
|
|
- comment="Filter out empty string" version="1">
|
|
+ <!-- Combine the two variable_objects into one variable_object.
|
|
+ We do it this way to avoid referencing an empty variable in a state comparison, which will
|
|
+ cause a test to evaluate to fail. Combining an empty set of objects is fine though. -->
|
|
+ <ind:variable_object id="object_var_{{{ _RULE_ID }}}_all_conf_files" version="1"
|
|
+ comment="Variable containing all rsyslog configuration files.">
|
|
<set>
|
|
<object_reference>object_var_{{{ _RULE_ID }}}_include_config_regex</object_reference>
|
|
<object_reference>object_var_{{{ _RULE_ID }}}_syslog_config</object_reference>
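Review bot: The unchanged `oval_metadata(...)` line still describes the definition as "All syslog log files should have appropriate ownership.", which is wrong for the permissions variant this commit adds. The criterion comment a few lines below was already generalised to name the attribute. I would make the description follow it, `{{{ oval_metadata("All syslog log files should have appropriate " ~ ATTRIBUTE ~ ".") }}}`, so scan reports name the attribute actually checked. The definition element opens above this hunk.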
|
|
@@ -64,74 +62,72 @@
|
|
|
|
<!-- In element filepath of object_rfg_log_files_paths we need to pass a list of values,
|
|
a list of objects won't do. So we make a local_variable from the variable_objects. -->
|
|
- <local_variable id="var_{{{ _RULE_ID }}}_all_log_files" datatype="string" version="1"
|
|
- comment="Locations of all rsyslog configuration files as collection">
|
|
- <object_component object_ref="object_var_{{{ _RULE_ID }}}_all_log_files" item_field="value"/>
|
|
+ <local_variable id="var_{{{ _RULE_ID }}}_all_conf_files" datatype="string" version="1"
|
|
+ comment="Locations of all rsyslog configuration files as collection.">
|
|
+ <object_component object_ref="object_var_{{{ _RULE_ID }}}_all_conf_files" item_field="value"/>
|
|
</local_variable>
|
|
|
|
- <!-- For each item from that collection (particular rsyslog's configuration file path) search
|
|
- that rsyslog's configuration file to select file paths for log files directives
|
|
- -->
|
|
- <ind:textfilecontent54_object id="object_{{{ _RULE_ID }}}_log_files_paths"
|
|
- comment="All rsyslog configuration files" version="1">
|
|
- <ind:filepath operation="pattern match" var_ref="var_{{{ _RULE_ID }}}_all_log_files"
|
|
- var_check="at least one" />
|
|
- <!-- Chunk of text retrieved from rsyslog's configuration file is considered
|
|
- to constitute a log file path if all of the following conditions are met:
|
|
- * the string represents a regular file on particular file system
|
|
- (verified via corresponding file_state below),
|
|
- * the chunk of text is in the last column in the row,
|
|
- (possibly suffixed by ';' character and rsyslog Template name),
|
|
- * contains at least one slash '/' character, and simultaneously
|
|
- doesn't contain any of ';', ':' and space characters,
|
|
- * the chunk was retrieved from a row not starting with space, '#',
|
|
- or '$' characters
|
|
- -->
|
|
- <ind:pattern
|
|
- operation="pattern match">^\s*[^(\s|#|\$)]+\s+-?[\w\(="\s]*(\/[^:;\s"]+)+.*$</ind:pattern>
|
|
+ <!-- For each item from that collection (particular rsyslog's configuration files paths) search
|
|
+ that rsyslog's configuration files to select file paths for log files directives -->
|
|
+ <ind:textfilecontent54_object id="object_{{{ _RULE_ID }}}_log_files_paths" version="1"
|
|
+ comment="All rsyslog log files collected from rsyslog configuration files." >
|
|
+ <ind:filepath operation="pattern match" var_check="at least one"
|
|
+ var_ref="var_{{{ _RULE_ID }}}_all_conf_files"/>
|
|
+ <!-- Chunk of text retrieved from rsyslog's configuration file is considered to constitute
|
|
+ a log file path if all of the following conditions are met:
|
|
+ * the string represents a regular file on particular file system
|
|
+ (verified via corresponding file_state below),
|
|
+ * the chunk of text is in the last column in the row,
|
|
+ (possibly suffixed by ';' character and rsyslog Template name),
|
|
+ * contains at least one slash '/' character, and simultaneously doesn't contain any
|
|
+ of ';', ':' and space characters,
|
|
+ * the chunk was retrieved from a row not starting with space, '#', or '$' characters
|
|
+ -->
|
|
+ <ind:pattern
|
|
+ operation="pattern match">^\s*[^(\s|#|\$)]+\s+.*\s+-?[\w\(="\s]*(\/[^:;\s"]+)+.*$</ind:pattern>
|
|
<ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
|
|
- <filter action="exclude">state_{{{ _RULE_ID }}}_ownership_ignore_include_paths</filter>
|
|
+ <filter action="exclude">state_{{{ _RULE_ID }}}_ignore_include_paths</filter>
|
|
</ind:textfilecontent54_object>
|
|
|
|
- <ind:textfilecontent54_state id="state_{{{ _RULE_ID }}}_ownership_ignore_include_paths"
|
|
- comment="ignore" version="1">
|
|
- <!-- Among the paths matched in object_rfp_log_files_paths there can be paths from
|
|
- include() or $IncludeConfig statements.
|
|
- These paths are conf files, not log files. Their groupownership don't need to be as
|
|
- required for log files, thus, lets exclude them from the list of objects found
|
|
- -->
|
|
+ <ind:textfilecontent54_state id="state_{{{ _RULE_ID }}}_ignore_include_paths"
|
|
+ comment="ignore" version="1">
|
|
+ <!-- Among the paths matched in object_{{{ _RULE_ID }}}_log_files_paths there can be paths
|
|
+ from include() or $IncludeConfig statements. These paths are conf files, not log files.
|
|
+ Their properties don't need to be as required for log files, thus, lets exclude them
|
|
+ from the list of objects found. -->
|
|
<ind:text
|
|
operation="pattern match">(?:file="[^\s;]+"|\$IncludeConfig[\s]+[^\s;]+|\/dev\/.*)</ind:text>
|
|
</ind:textfilecontent54_state>
|
|
|
|
<!-- Define OVAL variable to hold all the various system log files locations
|
|
- retrieved from the different rsyslog configuration files
|
|
- -->
|
|
+ retrieved from the different rsyslog configuration files. -->
|
|
<local_variable id="var_{{{ _RULE_ID }}}_log_files_paths" datatype="string" version="1"
|
|
- comment="File paths of all rsyslog configuration files">
|
|
- <object_component item_field="subexpression" object_ref="object_{{{ _RULE_ID }}}_log_files_paths" />
|
|
+ comment="File paths of all rsyslog log files">
|
|
+ <object_component item_field="subexpression"
|
|
+ object_ref="object_{{{ _RULE_ID }}}_log_files_paths" />
|
|
</local_variable>
|
|
|
|
- <!-- Perform the test if all rsyslog system log files are owned by the appropriate group -->
|
|
- <unix:file_test check="all" check_existence="all_exist" id="test_{{{ _RULE_ID }}}" version="1"
|
|
- comment="System log files are owned by the appropriate group">
|
|
- <unix:object object_ref="object_rsyslog_files_{{{ _RULE_ID }}}_ownership" />
|
|
+ <!-- Perform the test if all rsyslog system log files have appropriate attribute -->
|
|
+ <unix:file_test id="test_{{{ _RULE_ID }}}" check="all" check_existence="all_exist" version="1"
|
|
+ comment="System log files have appropriate {{{ ATTRIBUTE }}} set">
|
|
+ <unix:object object_ref="object_{{{ _RULE_ID }}}_{{{ ATTRIBUTE }}}" />
|
|
<unix:state state_ref="state_{{{ _RULE_ID }}}" />
|
|
</unix:file_test>
|
|
|
|
- <unix:file_object id="object_rsyslog_files_{{{ _RULE_ID }}}_ownership"
|
|
- comment="Various system log files" version="1">
|
|
- <unix:filepath datatype="string" var_ref="var_{{{ _RULE_ID }}}_log_files_paths"
|
|
- var_check="at least one" />
|
|
+ <unix:file_object id="object_{{{ _RULE_ID }}}_{{{ ATTRIBUTE }}}" version="1"
|
|
+ comment="All system log files collected from rsyslog configuration files">
|
|
+ <unix:filepath datatype="string" var_check="at least one"
|
|
+ var_ref="var_{{{ _RULE_ID }}}_log_files_paths"/>
|
|
</unix:file_object>
|
|
|
|
<unix:file_state id="state_{{{ _RULE_ID }}}" version="1">
|
|
<unix:type operation="equals">regular</unix:type>
|
|
{{% if ATTRIBUTE == "groupowner" %}}
|
|
<unix:group_id datatype="int">{{{ VALUE }}}</unix:group_id>
|
|
- {{% else %}}
|
|
+ {{% elif ATTRIBUTE == "owner" %}}
|
|
<unix:user_id datatype="int">{{{ VALUE }}}</unix:user_id>
|
|
+ {{% else %}}
|
|
+ {{{ STATEMODE | indent(4) }}}
|
|
{{% endif %}}
|
|
</unix:file_state>
|
|
-
|
|
</def-group>
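Review bot: As I read the new log-path pattern, the added `\s+.*\s+` requires two separate whitespace runs between the selector and the path, with nothing else able to match whitespace before the optional `-`. A legacy rule written with a single space or tab, such as `*.* /var/log/messages`, would therefore no longer match, and its log file would drop out of the set the file_test evaluates. Making the middle part optional keeps the multi-parameter action() case without losing single-separator rules: `^\s*[^(\s|#|\$)]+\s+(?:.*\s+)?-?[\w\(="\s]*(\/[^:;\s"]+)+.*$`. This is worth confirming with a test config that uses exactly one space before the path.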
|
|
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/template.py b/shared/templates/rsyslog_logfiles_attributes_modify/template.py
|
|
new file mode 100644
|
|
index 0000000000..9ea31c9a6b
|
|
--- /dev/null
|
|
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/template.py
|
|
@@ -0,0 +1,18 @@
|
|
+def preprocess(data, lang):
|
|
+ if lang == "oval" and data["attribute"] == 'permissions':
|
|
+ # create STATEMODE used in the OVAL template by processing the octal permission and
|
|
+ # creating the equivalent permission fields of "unix:file_state" element.
|
|
+ mode = data["value"]
|
|
+ fields = [
|
|
+ 'oexec', 'owrite', 'oread', 'gexec', 'gwrite', 'gread',
|
|
+ 'uexec', 'uwrite', 'uread', 'sticky', 'sgid', 'suid']
|
|
+ mode_int = int(mode, 8)
|
|
+ mode_str = ""
|
|
+ for field in fields:
|
|
+ if mode_int & 0x01 == 0:
|
|
+ mode_str = (
|
|
+ "<unix:{field} datatype=\"boolean\">false</unix:{field}>\n{mode_str}".format(
|
|
+ field=field, mode_str=mode_str))
|
|
+ mode_int = mode_int >> 1
|
|
+ data["statemode"] = mode_str.rstrip("\n")
|
|
+ return data
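Review bot: `preprocess` has no docstring, and nothing says that the generated state asserts `false` only for bits that are clear in the mode, so a file with stricter permissions than VALUE also passes. That is easy to misread as an exact-mode check, especially since the bash and Ansible remediations set the exact mode. I would add a comment above the loop such as `# Only bits clear in the mode are asserted false, so stricter modes also pass.`. The docstring should state that `data["statemode"]` is set only for `lang == "oval"` with the `permissions` attribute. The loop also ignores any bits above the twelve listed fields, so a range check `if mode_int > 0o7777: raise ValueError(...)` after the `int(mode, 8)` line would catch a malformed value at build time.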
|
|
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/IncludeConfig_is_other.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/IncludeConfig_is_other.fail.sh
|
|
deleted file mode 100755
|
|
index db7e5261eb..0000000000
|
|
--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/IncludeConfig_is_other.fail.sh
|
|
+++ /dev/null
|
|
@@ -1,50 +0,0 @@
|
|
-#!/bin/bash
|
|
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
|
|
-
|
|
-# Check rsyslog.conf with root user log from rules and
|
|
-# non root user log from $IncludeConfig fails.
|
|
-
|
|
-source $SHARED/rsyslog_log_utils.sh
|
|
-
|
|
-{{% if ATTRIBUTE == "owner" %}}
|
|
-ADDCOMMAND="useradd"
|
|
-CHATTR="chown"
|
|
-{{% else %}}
|
|
-ADDCOMMAND="groupadd"
|
|
-CHATTR="chgrp"
|
|
-{{% endif %}}
|
|
-
|
|
-USER_TEST=testssg
|
|
-$ADDCOMMAND $USER_TEST
|
|
-
|
|
-USER_ROOT=root
|
|
-
|
|
-# setup test data
|
|
-create_rsyslog_test_logs 2
|
|
-
|
|
-# setup test log files ownership
|
|
-$CHATTR $USER_ROOT ${RSYSLOG_TEST_LOGS[0]}
|
|
-$CHATTR $USER_TEST ${RSYSLOG_TEST_LOGS[1]}
|
|
-
|
|
-# create test configuration file
|
|
-test_conf=${RSYSLOG_TEST_DIR}/test1.conf
|
|
-cat << EOF > ${test_conf}
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[1]}
|
|
-EOF
|
|
-
|
|
-# create rsyslog.conf configuration file
|
|
-cat << EOF > $RSYSLOG_CONF
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
-
|
|
-#### MODULES ####
|
|
-
|
|
-\$IncludeConfig ${test_conf}
|
|
-EOF
|
|
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_other.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_other.fail.sh
|
|
deleted file mode 100755
|
|
index d79ae23cfc..0000000000
|
|
--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_other.fail.sh
|
|
+++ /dev/null
|
|
@@ -1,50 +0,0 @@
|
|
-#!/bin/bash
|
|
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
|
|
-
|
|
-# Check rsyslog.conf with root user log from rules and
|
|
-# non root user log from include() fails.
|
|
-
|
|
-source $SHARED/rsyslog_log_utils.sh
|
|
-
|
|
-{{% if ATTRIBUTE == "owner" %}}
|
|
-ADDCOMMAND="useradd"
|
|
-CHATTR="chown"
|
|
-{{% else %}}
|
|
-ADDCOMMAND="groupadd"
|
|
-CHATTR="chgrp"
|
|
-{{% endif %}}
|
|
-
|
|
-USER_TEST=testssg
|
|
-$ADDCOMMAND $USER_TEST
|
|
-
|
|
-USER_ROOT=root
|
|
-
|
|
-# setup test data
|
|
-create_rsyslog_test_logs 2
|
|
-
|
|
-# setup test log files ownership
|
|
-$CHATTR $USER_ROOT ${RSYSLOG_TEST_LOGS[0]}
|
|
-$CHATTR $USER_TEST ${RSYSLOG_TEST_LOGS[1]}
|
|
-
|
|
-# create test configuration file
|
|
-test_conf=${RSYSLOG_TEST_DIR}/test1.conf
|
|
-cat << EOF > ${test_conf}
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[1]}
|
|
-EOF
|
|
-
|
|
-# create rsyslog.conf configuration file
|
|
-cat << EOF > $RSYSLOG_CONF
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
-
|
|
-#### MODULES ####
|
|
-
|
|
-include(file="${test_conf}")
|
|
-EOF
|
|
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_other_IncludeConfig_is_other_RainerLogClause.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_other_IncludeConfig_is_other_RainerLogClause.fail.sh
|
|
deleted file mode 100644
|
|
index 7869a180a8..0000000000
|
|
--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_other_IncludeConfig_is_other_RainerLogClause.fail.sh
|
|
+++ /dev/null
|
|
@@ -1,75 +0,0 @@
|
|
-#!/bin/bash
|
|
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
|
|
-
|
|
-# Check rsyslog.conf with root user log from rules and
|
|
-# root user log from include() passes.
|
|
-
|
|
-source $SHARED/rsyslog_log_utils.sh
|
|
-
|
|
-{{% if ATTRIBUTE == "owner" %}}
|
|
-ADDCOMMAND="useradd"
|
|
-CHATTR="chown"
|
|
-{{% else %}}
|
|
-ADDCOMMAND="groupadd"
|
|
-CHATTR="chgrp"
|
|
-{{% endif %}}
|
|
-
|
|
-USER_TEST=testssg
|
|
-$ADDCOMMAND $USER_TEST
|
|
-
|
|
-USER=root
|
|
-
|
|
-# setup test data
|
|
-create_rsyslog_test_logs 3
|
|
-
|
|
-# setup test log files ownership
|
|
-$CHATTR $USER_TEST ${RSYSLOG_TEST_LOGS[0]}
|
|
-$CHATTR $USER_TEST ${RSYSLOG_TEST_LOGS[1]}
|
|
-$CHATTR $USER_TEST ${RSYSLOG_TEST_LOGS[2]}
|
|
-
|
|
-# create test configuration file
|
|
-test_conf=${RSYSLOG_TEST_DIR}/test1.conf
|
|
-cat << EOF > ${test_conf}
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[1]}
|
|
-EOF
|
|
-
|
|
-# create test2 configuration file
|
|
-test_conf2=${RSYSLOG_TEST_DIR}/test2.conf
|
|
-{{% if ATTRIBUTE == "owner" %}}
|
|
-cat << EOF > ${test_conf2}
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-
|
|
-*.* action(type="omfile" FileCreateMode="0640" fileOwner="$USER_TEST" fileGroup="root" File="${RSYSLOG_TEST_LOGS[2]}")
|
|
-EOF
|
|
-{{% else %}}
|
|
-cat << EOF > ${test_conf2}
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-
|
|
-*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="$USER_TEST" File="${RSYSLOG_TEST_LOGS[2]}")
|
|
-EOF
|
|
-{{% endif %}}
|
|
-
|
|
-# create rsyslog.conf configuration file
|
|
-cat << EOF > $RSYSLOG_CONF
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
-
|
|
-#### MODULES ####
|
|
-
|
|
-include(file="${test_conf}")
|
|
-
|
|
-\$IncludeConfig ${test_conf2}
|
|
-EOF
|
|
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root.pass.sh
|
|
deleted file mode 100755
|
|
index e80395ca99..0000000000
|
|
--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root.pass.sh
|
|
+++ /dev/null
|
|
@@ -1,46 +0,0 @@
|
|
-#!/bin/bash
|
|
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
|
|
-
|
|
-# Check rsyslog.conf with root user log from rules and
|
|
-# root user log from include() passes.
|
|
-
|
|
-source $SHARED/rsyslog_log_utils.sh
|
|
-
|
|
-
|
|
-{{% if ATTRIBUTE == "owner" %}}
|
|
-CHATTR="chown"
|
|
-{{% else %}}
|
|
-CHATTR="chgrp"
|
|
-{{% endif %}}
|
|
-
|
|
-USER=root
|
|
-
|
|
-# setup test data
|
|
-create_rsyslog_test_logs 2
|
|
-
|
|
-# setup test log files ownership
|
|
-$CHATTR $USER ${RSYSLOG_TEST_LOGS[0]}
|
|
-$CHATTR $USER ${RSYSLOG_TEST_LOGS[1]}
|
|
-
|
|
-# create test configuration file
|
|
-test_conf=${RSYSLOG_TEST_DIR}/test1.conf
|
|
-cat << EOF > ${test_conf}
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[1]}
|
|
-EOF
|
|
-
|
|
-# create rsyslog.conf configuration file
|
|
-cat << EOF > $RSYSLOG_CONF
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
-
|
|
-#### MODULES ####
|
|
-
|
|
-include(file="${test_conf}")
|
|
-EOF
|
|
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root_IncludeConfig_is_other.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root_IncludeConfig_is_other.fail.sh
|
|
deleted file mode 100755
|
|
index e7b4905dc5..0000000000
|
|
--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root_IncludeConfig_is_other.fail.sh
|
|
+++ /dev/null
|
|
@@ -1,63 +0,0 @@
|
|
-#!/bin/bash
|
|
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
|
|
-
|
|
-# Check rsyslog.conf with root user log from rules and
|
|
-# non root user log from include() fails.
|
|
-
|
|
-source $SHARED/rsyslog_log_utils.sh
|
|
-
|
|
-{{% if ATTRIBUTE == "owner" %}}
|
|
-ADDCOMMAND="useradd"
|
|
-CHATTR="chown"
|
|
-{{% else %}}
|
|
-ADDCOMMAND="groupadd"
|
|
-CHATTR="chgrp"
|
|
-{{% endif %}}
|
|
-
|
|
-USER_ROOT=root
|
|
-
|
|
-USER_TEST=testssg
|
|
-$ADDCOMMAND $USER_TEST
|
|
-
|
|
-# setup test data
|
|
-create_rsyslog_test_logs 3
|
|
-
|
|
-# setup test log files ownership
|
|
-$CHATTR $USER_ROOT ${RSYSLOG_TEST_LOGS[0]}
|
|
-$CHATTR $USER_ROOT ${RSYSLOG_TEST_LOGS[1]}
|
|
-$CHATTR $USER_TEST ${RSYSLOG_TEST_LOGS[2]}
|
|
-
|
|
-# create test configuration file
|
|
-test_conf=${RSYSLOG_TEST_DIR}/test1.conf
|
|
-cat << EOF > ${test_conf}
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[1]}
|
|
-EOF
|
|
-
|
|
-# create test2 configuration file
|
|
-test_conf2=${RSYSLOG_TEST_DIR}/test2.conf
|
|
-cat << EOF > ${test_conf2}
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[2]}
|
|
-EOF
|
|
-
|
|
-# create rsyslog.conf configuration file
|
|
-cat << EOF > $RSYSLOG_CONF
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
-
|
|
-#### MODULES ####
|
|
-
|
|
-include(file="${test_conf}")
|
|
-
|
|
-\$IncludeConfig ${test_conf2}
|
|
-EOF
|
|
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root_IncludeConfig_is_root.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root_IncludeConfig_is_root.pass.sh
|
|
deleted file mode 100755
|
|
index 6389e6ea3b..0000000000
|
|
--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root_IncludeConfig_is_root.pass.sh
|
|
+++ /dev/null
|
|
@@ -1,58 +0,0 @@
|
|
-#!/bin/bash
|
|
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
|
|
-
|
|
-# Check rsyslog.conf with root user log from rules and
|
|
-# root user log from include() passes.
|
|
-
|
|
-source $SHARED/rsyslog_log_utils.sh
|
|
-
|
|
-{{% if ATTRIBUTE == "owner" %}}
|
|
-CHATTR="chown"
|
|
-{{% else %}}
|
|
-CHATTR="chgrp"
|
|
-{{% endif %}}
|
|
-
|
|
-USER=root
|
|
-
|
|
-# setup test data
|
|
-create_rsyslog_test_logs 3
|
|
-
|
|
-# setup test log files ownership
|
|
-$CHATTR $USER ${RSYSLOG_TEST_LOGS[0]}
|
|
-$CHATTR $USER ${RSYSLOG_TEST_LOGS[1]}
|
|
-$CHATTR $USER ${RSYSLOG_TEST_LOGS[2]}
|
|
-
|
|
-# create test configuration file
|
|
-test_conf=${RSYSLOG_TEST_DIR}/test1.conf
|
|
-cat << EOF > ${test_conf}
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[1]}
|
|
-EOF
|
|
-
|
|
-# create test2 configuration file
|
|
-test_conf2=${RSYSLOG_TEST_DIR}/test2.conf
|
|
-cat << EOF > ${test_conf2}
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[2]}
|
|
-EOF
|
|
-
|
|
-# create rsyslog.conf configuration file
|
|
-cat << EOF > $RSYSLOG_CONF
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
-
|
|
-#### MODULES ####
|
|
-
|
|
-include(file="${test_conf}")
|
|
-
|
|
-\$IncludeConfig ${test_conf2}
|
|
-EOF
|
|
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root_IncludeConfig_is_root_RainerLogClause.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root_IncludeConfig_is_root_RainerLogClause.pass.sh
|
|
deleted file mode 100755
|
|
index 6b81a77c2f..0000000000
|
|
--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_is_root_IncludeConfig_is_root_RainerLogClause.pass.sh
|
|
+++ /dev/null
|
|
@@ -1,59 +0,0 @@
|
|
-#!/bin/bash
|
|
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
|
|
-
|
|
-# Check rsyslog.conf with root user log from rules and
|
|
-# root user log from include() passes.
|
|
-
|
|
-source $SHARED/rsyslog_log_utils.sh
|
|
-
|
|
-{{% if ATTRIBUTE == "owner" %}}
|
|
-CHATTR="chown"
|
|
-{{% else %}}
|
|
-CHATTR="chgrp"
|
|
-{{% endif %}}
|
|
-
|
|
-USER=root
|
|
-
|
|
-# setup test data
|
|
-create_rsyslog_test_logs 3
|
|
-
|
|
-# setup test log files ownership
|
|
-$CHATTR $USER ${RSYSLOG_TEST_LOGS[0]}
|
|
-$CHATTR $USER ${RSYSLOG_TEST_LOGS[1]}
|
|
-$CHATTR $USER ${RSYSLOG_TEST_LOGS[2]}
|
|
-
|
|
-# create test configuration file
|
|
-test_conf=${RSYSLOG_TEST_DIR}/test1.conf
|
|
-cat << EOF > ${test_conf}
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[1]}
|
|
-EOF
|
|
-
|
|
-# create test2 configuration file
|
|
-test_conf2=${RSYSLOG_TEST_DIR}/test2.conf
|
|
-cat << EOF > ${test_conf2}
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-
|
|
-*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="root" File="${RSYSLOG_TEST_LOGS[2]}")
|
|
-EOF
|
|
-
|
|
-# create rsyslog.conf configuration file
|
|
-cat << EOF > $RSYSLOG_CONF
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
-
|
|
-#### MODULES ####
|
|
-
|
|
-include(file="${test_conf}")
|
|
-
|
|
-\$IncludeConfig ${test_conf2}
|
|
-EOF
|
|
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_multiline_is_root.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_multiline_is_root.pass.sh
|
|
deleted file mode 100755
|
|
index 78b105abf3..0000000000
|
|
--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/include_multiline_is_root.pass.sh
|
|
+++ /dev/null
|
|
@@ -1,47 +0,0 @@
|
|
-#!/bin/bash
|
|
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
|
|
-
|
|
-# Check rsyslog.conf with root user log from rules and
|
|
-# root user log from multiline include() passes.
|
|
-
|
|
-source $SHARED/rsyslog_log_utils.sh
|
|
-
|
|
-{{% if ATTRIBUTE == "owner" %}}
|
|
-CHATTR="chown"
|
|
-{{% else %}}
|
|
-CHATTR="chgrp"
|
|
-{{% endif %}}
|
|
-
|
|
-USER=root
|
|
-
|
|
-# setup test data
|
|
-create_rsyslog_test_logs 2
|
|
-
|
|
-# setup test log files ownership
|
|
-$CHATTR $USER ${RSYSLOG_TEST_LOGS[0]}
|
|
-$CHATTR $USER ${RSYSLOG_TEST_LOGS[1]}
|
|
-
|
|
-# create test configuration file
|
|
-test_conf=${RSYSLOG_TEST_DIR}/test1.conf
|
|
-cat << EOF > ${test_conf}
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[1]}
|
|
-EOF
|
|
-
|
|
-# create rsyslog.conf configuration file
|
|
-cat << EOF > $RSYSLOG_CONF
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
-
|
|
-#### MODULES ####
|
|
-
|
|
-include(
|
|
- file="${test_conf}"
|
|
-)
|
|
-EOF
|
|
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/is_root.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/is_root.pass.sh
|
|
deleted file mode 100755
|
|
index afce21fa27..0000000000
|
|
--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/is_root.pass.sh
|
|
+++ /dev/null
|
|
@@ -1,30 +0,0 @@
|
|
-#!/bin/bash
|
|
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
|
|
-
|
|
-# Check if log file with root user in rsyslog.conf passes.
|
|
-
|
|
-source $SHARED/rsyslog_log_utils.sh
|
|
-
|
|
-{{% if ATTRIBUTE == "owner" %}}
|
|
-CHATTR="chown"
|
|
-{{% else %}}
|
|
-CHATTR="chgrp"
|
|
-{{% endif %}}
|
|
-
|
|
-USER=root
|
|
-
|
|
-# setup test data
|
|
-create_rsyslog_test_logs 1
|
|
-
|
|
-# setup test log file ownership
|
|
-$CHATTR $USER ${RSYSLOG_TEST_LOGS[0]}
|
|
-
|
|
-# add rule with root user owned log file
|
|
-cat << EOF > $RSYSLOG_CONF
|
|
-# rsyslog configuration file
|
|
-
|
|
-#### RULES ####
|
|
-
|
|
-*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
-
|
|
-EOF
|
|
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/is_other.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr.pass.sh
|
|
similarity index 53%
|
|
rename from shared/templates/rsyslog_logfiles_attributes_modify/tests/is_other.fail.sh
|
|
rename to shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr.pass.sh
|
|
index 1afe20823c..dc362ae003 100755
|
|
--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/is_other.fail.sh
|
|
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr.pass.sh
|
|
@@ -1,33 +1,31 @@
|
|
#!/bin/bash
|
|
# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
|
|
|
|
-# Check if log file with non root user in rsyslog.conf fails.
|
|
-
|
|
+# Declare variables used for the tests and define the create_rsyslog_test_logs function
|
|
source $SHARED/rsyslog_log_utils.sh
|
|
|
|
{{% if ATTRIBUTE == "owner" %}}
|
|
-ADDCOMMAND="useradd"
|
|
CHATTR="chown"
|
|
-{{% else %}}
|
|
-ADDCOMMAND="groupadd"
|
|
+ATTR_VALUE="root"
|
|
+{{% elif ATTRIBUTE == "groupowner" %}}
|
|
CHATTR="chgrp"
|
|
+ATTR_VALUE="root"
|
|
+{{% else %}}
|
|
+CHATTR="chmod"
|
|
+ATTR_VALUE="0600"
|
|
{{% endif %}}
|
|
|
|
-USER=testssg
|
|
-
|
|
-$ADDCOMMAND $USER
|
|
-
|
|
-# setup test data
|
|
+# create one test log file
|
|
create_rsyslog_test_logs 1
|
|
|
|
-# setup test log file ownership
|
|
-$CHATTR $USER ${RSYSLOG_TEST_LOGS[0]}
|
|
+# setup test log file property
|
|
+$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]}
|
|
|
|
-# add rule with non-root user owned log file
|
|
+# add rule with test log file
|
|
cat << EOF > $RSYSLOG_CONF
|
|
# rsyslog configuration file
|
|
|
|
#### RULES ####
|
|
-
|
|
*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
+
|
|
EOF
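Review bot: The header comment no longer states which scenario this script sets up or why the rule is expected to pass; the new line only describes the `source` statement beneath it. The file name carries some of that, but a one-line statement in the script is what lets a maintainer tell the many near-identical scenarios apart, for example `# Scenario: legacy-syntax rule; the log file has the expected owner, group owner or mode, so the rule passes.` The same applies to the other renamed and added test scripts in this patch.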
|
|
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/IncludeConfig_is_root.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_include_correct_attr.pass.sh
|
|
similarity index 51%
|
|
rename from shared/templates/rsyslog_logfiles_attributes_modify/tests/IncludeConfig_is_root.pass.sh
|
|
rename to shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_include_correct_attr.pass.sh
|
|
index b03268fe3e..c742f41039 100755
|
|
--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/IncludeConfig_is_root.pass.sh
|
|
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_include_correct_attr.pass.sh
|
|
@@ -1,45 +1,45 @@
|
|
#!/bin/bash
|
|
# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
|
|
|
|
-# Check rsyslog.conf with root user log from rules and
|
|
-# root user log from $IncludeConfig passes.
|
|
-
|
|
+# Declare variables used for the tests and define the create_rsyslog_test_logs function
|
|
source $SHARED/rsyslog_log_utils.sh
|
|
|
|
{{% if ATTRIBUTE == "owner" %}}
|
|
CHATTR="chown"
|
|
-{{% else %}}
|
|
+ATTR_VALUE="root"
|
|
+{{% elif ATTRIBUTE == "groupowner" %}}
|
|
CHATTR="chgrp"
|
|
+ATTR_VALUE="root"
|
|
+{{% else %}}
|
|
+CHATTR="chmod"
|
|
+ATTR_VALUE="0600"
|
|
{{% endif %}}
|
|
|
|
-USER=root
|
|
-
|
|
-# setup test data
|
|
+# create two test log file
|
|
create_rsyslog_test_logs 2
|
|
|
|
-# setup test log files ownership
|
|
-$CHATTR $USER ${RSYSLOG_TEST_LOGS[0]}
|
|
-$CHATTR $USER ${RSYSLOG_TEST_LOGS[1]}
|
|
+# setup test log file property
|
|
+$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]}
|
|
+$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[1]}
|
|
|
|
-# create test configuration file
|
|
+# create test configuration file with rule for second test log file
|
|
test_conf=${RSYSLOG_TEST_DIR}/test1.conf
|
|
cat << EOF > ${test_conf}
|
|
-# rsyslog configuration file
|
|
+# rsyslog test configuration file
|
|
|
|
#### RULES ####
|
|
-
|
|
*.* ${RSYSLOG_TEST_LOGS[1]}
|
|
+
|
|
EOF
|
|
|
|
-# create rsyslog.conf configuration file
|
|
+# add rule with first test log file plus an include statement
|
|
cat << EOF > $RSYSLOG_CONF
|
|
# rsyslog configuration file
|
|
|
|
#### RULES ####
|
|
-
|
|
*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
|
|
#### MODULES ####
|
|
-
|
|
\$IncludeConfig ${test_conf}
|
|
+
|
|
EOF
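Review bot: The final `{{% else %}}` branch treats every ATTRIBUTE value other than `owner` and `groupowner` as the mode case, so a misspelled or newly added attribute would silently render the `chmod` scenario instead of failing visibly. Making the third branch an explicit `elif` on the permissions value that rule.yml passes would keep an unexpected value from producing a plausible-looking test. template.py may already validate the attribute, but that is outside this hunk. The same three-way block is repeated in every test script this patch adds to the template.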
|
|
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_include_incorrect_attr.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_include_incorrect_attr.fail.sh
|
|
new file mode 100755
|
|
index 0000000000..a12d0bc653
|
|
--- /dev/null
|
|
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_include_incorrect_attr.fail.sh
|
|
@@ -0,0 +1,50 @@
|
|
+#!/bin/bash
|
|
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
|
|
+
|
|
+# Declare variables used for the tests and define the create_rsyslog_test_logs function
|
|
+source $SHARED/rsyslog_log_utils.sh
|
|
+
|
|
+{{% if ATTRIBUTE == "owner" %}}
|
|
+CHATTR="chown"
|
|
+ATTR_VALUE="root"
|
|
+ATTR_INCORRECT_VALUE="cac_testuser"
|
|
+useradd $ATTR_INCORRECT_VALUE
|
|
+{{% elif ATTRIBUTE == "groupowner" %}}
|
|
+CHATTR="chgrp"
|
|
+ATTR_VALUE="root"
|
|
+ATTR_INCORRECT_VALUE="cac_testgroup"
|
|
+groupadd $ATTR_INCORRECT_VALUE
|
|
+{{% else %}}
|
|
+CHATTR="chmod"
|
|
+ATTR_VALUE="0600"
|
|
+ATTR_INCORRECT_VALUE="0666"
|
|
+{{% endif %}}
|
|
+
|
|
+# create two test log file
|
|
+create_rsyslog_test_logs 2
|
|
+
|
|
+# setup test log file property
|
|
+$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]}
|
|
+$CHATTR $ATTR_INCORRECT_VALUE ${RSYSLOG_TEST_LOGS[1]}
|
|
+
|
|
+# create test configuration file with rule for second test log file
|
|
+test_conf=${RSYSLOG_TEST_DIR}/test1.conf
|
|
+cat << EOF > ${test_conf}
|
|
+# rsyslog test configuration file
|
|
+
|
|
+#### RULES ####
|
|
+*.* ${RSYSLOG_TEST_LOGS[1]}
|
|
+
|
|
+EOF
|
|
+
|
|
+# add rule with first test log file plus an include statement
|
|
+cat << EOF > $RSYSLOG_CONF
|
|
+# rsyslog configuration file
|
|
+
|
|
+#### RULES ####
|
|
+*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
+
|
|
+#### MODULES ####
|
|
+\$IncludeConfig ${test_conf}
|
|
+
|
|
+EOF
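Review bot: The only non-compliant mode the permissions branch exercises is `ATTR_INCORRECT_VALUE="0666"`, which is far from the boundary of whatever mask the check enforces. Judging by their names in the diffstat, the tests this commit deletes from rsyslog_files_permissions used 0601, a single stray bit, so that boundary coverage appears to be lost. A check that only noticed write bits for group or other would still satisfy every `.fail.sh` scenario here. Consider `ATTR_INCORRECT_VALUE="0601"` in at least one of the fail scripts, or a dedicated scenario with one extra bit set; the other `*_incorrect_attr*.fail.sh` files in this patch use the same `0666` value.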
|
|
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_incorrect_attr.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_incorrect_attr.fail.sh
|
|
new file mode 100755
|
|
index 0000000000..25430db033
|
|
--- /dev/null
|
|
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_incorrect_attr.fail.sh
|
|
@@ -0,0 +1,33 @@
|
|
+#!/bin/bash
|
|
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
|
|
+
|
|
+# Declare variables used for the tests and define the create_rsyslog_test_logs function
|
|
+source $SHARED/rsyslog_log_utils.sh
|
|
+
|
|
+{{% if ATTRIBUTE == "owner" %}}
|
|
+CHATTR="chown"
|
|
+ATTR_INCORRECT_VALUE="cac_testuser"
|
|
+useradd $ATTR_INCORRECT_VALUE
|
|
+{{% elif ATTRIBUTE == "groupowner" %}}
|
|
+CHATTR="chgrp"
|
|
+ATTR_INCORRECT_VALUE="cac_testgroup"
|
|
+groupadd $ATTR_INCORRECT_VALUE
|
|
+{{% else %}}
|
|
+CHATTR="chmod"
|
|
+ATTR_INCORRECT_VALUE="0666"
|
|
+{{% endif %}}
|
|
+
|
|
+# create one test log file
|
|
+create_rsyslog_test_logs 1
|
|
+
|
|
+# setup test log file property
|
|
+$CHATTR $ATTR_INCORRECT_VALUE ${RSYSLOG_TEST_LOGS[0]}
|
|
+
|
|
+# add rule with non-root user owned log file
|
|
+cat << EOF > $RSYSLOG_CONF
|
|
+# rsyslog configuration file
|
|
+
|
|
+#### RULES ####
|
|
+*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
+
|
|
+EOF
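Review bot: The comment `# add rule with non-root user owned log file` is left over from the owner-only version of this test and is wrong for the groupowner and mode branches, where the file stays owned by root and only its group or mode is changed. Something attribute-neutral such as `# add rule with the non-compliant test log file` matches what the script now does. rainer_incorrect_attr.fail.sh carries the same stale comment.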
|
|
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_correct_attr.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_correct_attr.pass.sh
|
|
new file mode 100755
|
|
index 0000000000..c1c5758d80
|
|
--- /dev/null
|
|
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_correct_attr.pass.sh
|
|
@@ -0,0 +1,33 @@
|
|
+#!/bin/bash
|
|
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
|
|
+
|
|
+# Declare variables used for the tests and define the create_rsyslog_test_logs function
|
|
+source $SHARED/rsyslog_log_utils.sh
|
|
+
|
|
+{{% if ATTRIBUTE == "owner" %}}
|
|
+CHATTR="chown"
|
|
+ATTR_VALUE="root"
|
|
+{{% elif ATTRIBUTE == "groupowner" %}}
|
|
+CHATTR="chgrp"
|
|
+ATTR_VALUE="root"
|
|
+{{% else %}}
|
|
+CHATTR="chmod"
|
|
+ATTR_VALUE="0600"
|
|
+{{% endif %}}
|
|
+
|
|
+# create three test log file
|
|
+create_rsyslog_test_logs 2
|
|
+
|
|
+# setup test log file property
|
|
+$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]}
|
|
+$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[1]}
|
|
+
|
|
+# add rules with both syntax for different test log files
|
|
+cat << EOF > $RSYSLOG_CONF
|
|
+# rsyslog configuration file
|
|
+
|
|
+#### RULES ####
|
|
+*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
+*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[1]}")
|
|
+
|
|
+EOF
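Review bot: The comment `# create three test log file` does not match the call below it, `create_rsyslog_test_logs 2`, and only indices 0 and 1 are used afterwards. It should read `# create two test log files`. The same mismatch appears in mixed_incorrect_attr_cloudinit.fail.sh, mixed_incorrect_attr_legacy.fail.sh and mixed_incorrect_attr_rainer.fail.sh.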
|
|
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_include_correct_attr.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_include_correct_attr.pass.sh
|
|
new file mode 100755
|
|
index 0000000000..0235130534
|
|
--- /dev/null
|
|
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_include_correct_attr.pass.sh
|
|
@@ -0,0 +1,58 @@
|
|
+#!/bin/bash
|
|
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
|
|
+
|
|
+# Declare variables used for the tests and define the create_rsyslog_test_logs function
|
|
+source $SHARED/rsyslog_log_utils.sh
|
|
+
|
|
+{{% if ATTRIBUTE == "owner" %}}
|
|
+CHATTR="chown"
|
|
+ATTR_VALUE="root"
|
|
+{{% elif ATTRIBUTE == "groupowner" %}}
|
|
+CHATTR="chgrp"
|
|
+ATTR_VALUE="root"
|
|
+{{% else %}}
|
|
+CHATTR="chmod"
|
|
+ATTR_VALUE="0600"
|
|
+{{% endif %}}
|
|
+
|
|
+# create three test log file
|
|
+create_rsyslog_test_logs 3
|
|
+
|
|
+# setup test log file property
|
|
+$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]}
|
|
+$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[1]}
|
|
+$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[2]}
|
|
+
|
|
+# create first test configuration file with legacy rule for second test log file
|
|
+test_conf1=${RSYSLOG_TEST_DIR}/legacy.conf
|
|
+cat << EOF > ${test_conf1}
|
|
+# rsyslog test configuration file with legacy syntax
|
|
+
|
|
+#### RULES ####
|
|
+*.* ${RSYSLOG_TEST_LOGS[1]}
|
|
+
|
|
+EOF
|
|
+
|
|
+# create second test configuration file with RainerScript rule for third test log file
|
|
+test_conf2=${RSYSLOG_TEST_DIR}/rainerscript.conf
|
|
+cat << EOF > ${test_conf2}
|
|
+# rsyslog test configuration file with RainerScript syntax
|
|
+
|
|
+#### RULES ####
|
|
+*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[2]}")
|
|
+
|
|
+EOF
|
|
+
|
|
+# add rule with first test log file plus two mixed include statement
|
|
+cat << EOF > $RSYSLOG_CONF
|
|
+# rsyslog configuration file
|
|
+
|
|
+#### RULES ####
|
|
+*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
+
|
|
+#### MODULES ####
|
|
+\$IncludeConfig ${test_conf1}
|
|
+
|
|
+include(file="${test_conf2}")
|
|
+
|
|
+EOF
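Review bot: The RainerScript action declares `FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm"`, which differs from what the setup lines put on the file (mode `0600`, or owner/group `root`), and nothing in the script says which of the two the check is meant to read. If the intent is that only the on-disk attributes decide the result, a comment above the heredoc would make that explicit, for example `# action() parameters intentionally differ from the on-disk attributes; only the latter should affect the result`. Without it, a reader of the mode scenario may assume the test expects 0640 to be the evaluated value. The same action line is used in the other mixed_* and rainer_* scripts in this patch.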
|
|
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_include_incorrect_attr_legacy.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_include_incorrect_attr_legacy.fail.sh
|
|
new file mode 100755
|
|
index 0000000000..bed0afaf5e
|
|
--- /dev/null
|
|
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_include_incorrect_attr_legacy.fail.sh
|
|
@@ -0,0 +1,63 @@
|
|
+#!/bin/bash
|
|
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
|
|
+
|
|
+# Declare variables used for the tests and define the create_rsyslog_test_logs function
|
|
+source $SHARED/rsyslog_log_utils.sh
|
|
+
|
|
+{{% if ATTRIBUTE == "owner" %}}
|
|
+CHATTR="chown"
|
|
+ATTR_VALUE="root"
|
|
+ATTR_INCORRECT_VALUE="cac_testuser"
|
|
+useradd $ATTR_INCORRECT_VALUE
|
|
+{{% elif ATTRIBUTE == "groupowner" %}}
|
|
+CHATTR="chgrp"
|
|
+ATTR_VALUE="root"
|
|
+ATTR_INCORRECT_VALUE="cac_testgroup"
|
|
+groupadd $ATTR_INCORRECT_VALUE
|
|
+{{% else %}}
|
|
+CHATTR="chmod"
|
|
+ATTR_VALUE="0600"
|
|
+ATTR_INCORRECT_VALUE="0666"
|
|
+{{% endif %}}
|
|
+
|
|
+# create three test log file
|
|
+create_rsyslog_test_logs 3
|
|
+
|
|
+# setup test log file property
|
|
+$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]}
|
|
+$CHATTR $ATTR_INCORRECT_VALUE ${RSYSLOG_TEST_LOGS[1]}
|
|
+$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[2]}
|
|
+
|
|
+# create first test configuration file with legacy rule for second test log file
|
|
+test_conf1=${RSYSLOG_TEST_DIR}/legacy.conf
|
|
+cat << EOF > ${test_conf1}
|
|
+# rsyslog test configuration file with legacy syntax
|
|
+
|
|
+#### RULES ####
|
|
+*.* ${RSYSLOG_TEST_LOGS[1]}
|
|
+
|
|
+EOF
|
|
+
|
|
+# create second test configuration file with RainerScript rule for third test log file
|
|
+test_conf2=${RSYSLOG_TEST_DIR}/rainerscript.conf
|
|
+cat << EOF > ${test_conf2}
|
|
+# rsyslog test configuration file with RainerScript syntax
|
|
+
|
|
+#### RULES ####
|
|
+*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[2]}")
|
|
+
|
|
+EOF
|
|
+
|
|
+# add rule with first test log file plus two mixed include statement
|
|
+cat << EOF > $RSYSLOG_CONF
|
|
+# rsyslog configuration file
|
|
+
|
|
+#### RULES ####
|
|
+*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
+
|
|
+#### MODULES ####
|
|
+\$IncludeConfig ${test_conf1}
|
|
+
|
|
+include(file="${test_conf2}")
|
|
+
|
|
+EOF
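Review bot: The results of `useradd $ATTR_INCORRECT_VALUE` and `groupadd $ATTR_INCORRECT_VALUE` are never checked. If account creation fails, the following `chown`/`chgrp` fails too and the log file keeps its original, compliant ownership, so a `.fail.sh` scenario ends up testing a compliant system and the harness reports an unexpected pass with no hint that setup went wrong. Making the setup idempotent and explicit helps, for example `id -u "$ATTR_INCORRECT_VALUE" >/dev/null 2>&1 || useradd "$ATTR_INCORRECT_VALUE"` and `getent group "$ATTR_INCORRECT_VALUE" >/dev/null || groupadd "$ATTR_INCORRECT_VALUE"`. The same applies to every other fail script in this patch that creates `cac_testuser` or `cac_testgroup`.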
|
|
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_include_incorrect_attr_rainer.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_include_incorrect_attr_rainer.fail.sh
|
|
new file mode 100755
|
|
index 0000000000..83c69b3a17
|
|
--- /dev/null
|
|
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_include_incorrect_attr_rainer.fail.sh
|
|
@@ -0,0 +1,63 @@
|
|
+#!/bin/bash
|
|
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
|
|
+
|
|
+# Declare variables used for the tests and define the create_rsyslog_test_logs function
|
|
+source $SHARED/rsyslog_log_utils.sh
|
|
+
|
|
+{{% if ATTRIBUTE == "owner" %}}
|
|
+CHATTR="chown"
|
|
+ATTR_VALUE="root"
|
|
+ATTR_INCORRECT_VALUE="cac_testuser"
|
|
+useradd $ATTR_INCORRECT_VALUE
|
|
+{{% elif ATTRIBUTE == "groupowner" %}}
|
|
+CHATTR="chgrp"
|
|
+ATTR_VALUE="root"
|
|
+ATTR_INCORRECT_VALUE="cac_testgroup"
|
|
+groupadd $ATTR_INCORRECT_VALUE
|
|
+{{% else %}}
|
|
+CHATTR="chmod"
|
|
+ATTR_VALUE="0600"
|
|
+ATTR_INCORRECT_VALUE="0666"
|
|
+{{% endif %}}
|
|
+
|
|
+# create three test log file
|
|
+create_rsyslog_test_logs 3
|
|
+
|
|
+# setup test log file property
|
|
+$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]}
|
|
+$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[1]}
|
|
+$CHATTR $ATTR_INCORRECT_VALUE ${RSYSLOG_TEST_LOGS[2]}
|
|
+
|
|
+# create first test configuration file with legacy rule for second test log file
|
|
+test_conf1=${RSYSLOG_TEST_DIR}/legacy.conf
|
|
+cat << EOF > ${test_conf1}
|
|
+# rsyslog test configuration file with legacy syntax
|
|
+
|
|
+#### RULES ####
|
|
+*.* ${RSYSLOG_TEST_LOGS[1]}
|
|
+
|
|
+EOF
|
|
+
|
|
+# create second test configuration file with RainerScript rule for third test log file
|
|
+test_conf2=${RSYSLOG_TEST_DIR}/rainerscript.conf
|
|
+cat << EOF > ${test_conf2}
|
|
+# rsyslog test configuration file with RainerScript syntax
|
|
+
|
|
+#### RULES ####
|
|
+*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[2]}")
|
|
+
|
|
+EOF
|
|
+
|
|
+# add rule with first test log file plus two mixed include statement
|
|
+cat << EOF > $RSYSLOG_CONF
|
|
+# rsyslog configuration file
|
|
+
|
|
+#### RULES ####
|
|
+*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
+
|
|
+#### MODULES ####
|
|
+\$IncludeConfig ${test_conf1}
|
|
+
|
|
+include(file="${test_conf2}")
|
|
+
|
|
+EOF
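Review bot: The expansions in the setup and redirection lines are unquoted, for example `$CHATTR $ATTR_INCORRECT_VALUE ${RSYSLOG_TEST_LOGS[2]}` and `cat << EOF > ${test_conf2}`. The paths come from rsyslog_log_utils.sh, which is not visible here, so whether they can contain whitespace or glob characters cannot be confirmed from this hunk. Quoting them removes the dependency on that: `"$CHATTR" "$ATTR_INCORRECT_VALUE" "${RSYSLOG_TEST_LOGS[2]}"` and `cat << EOF > "${test_conf2}"`. The pattern is shared by all test scripts in this patch.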
|
|
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_incorrect_attr_cloudinit.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_incorrect_attr_cloudinit.fail.sh
|
|
new file mode 100755
|
|
index 0000000000..43a6f2648d
|
|
--- /dev/null
|
|
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_incorrect_attr_cloudinit.fail.sh
|
|
@@ -0,0 +1,38 @@
|
|
+#!/bin/bash
|
|
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
|
|
+
|
|
+# Declare variables used for the tests and define the create_rsyslog_test_logs function
|
|
+source $SHARED/rsyslog_log_utils.sh
|
|
+
|
|
+{{% if ATTRIBUTE == "owner" %}}
|
|
+CHATTR="chown"
|
|
+ATTR_VALUE="root"
|
|
+ATTR_INCORRECT_VALUE="cac_testuser"
|
|
+useradd $ATTR_INCORRECT_VALUE
|
|
+{{% elif ATTRIBUTE == "groupowner" %}}
|
|
+CHATTR="chgrp"
|
|
+ATTR_VALUE="root"
|
|
+ATTR_INCORRECT_VALUE="cac_testgroup"
|
|
+groupadd $ATTR_INCORRECT_VALUE
|
|
+{{% else %}}
|
|
+CHATTR="chmod"
|
|
+ATTR_VALUE="0600"
|
|
+ATTR_INCORRECT_VALUE="0666"
|
|
+{{% endif %}}
|
|
+
|
|
+# create three test log file
|
|
+create_rsyslog_test_logs 2
|
|
+
|
|
+# setup test log file property
|
|
+$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]}
|
|
+$CHATTR $ATTR_INCORRECT_VALUE ${RSYSLOG_TEST_LOGS[1]}
|
|
+
|
|
+# add rules with both syntax for different test log files
|
|
+cat << EOF > $RSYSLOG_CONF
|
|
+# rsyslog configuration file
|
|
+
|
|
+#### RULES ####
|
|
+*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
+:syslogtag, isequal, "[CLOUDINIT]" ${RSYSLOG_TEST_LOGS[1]}
|
|
+
|
|
+EOF
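Review bot: The comment `# add rules with both syntax for different test log files` does not describe this heredoc: it contains a selector rule and a property-based filter, `:syslogtag, isequal, "[CLOUDINIT]" ${RSYSLOG_TEST_LOGS[1]}`, and no RainerScript `action()` at all. What the scenario actually covers is that a log file reached through a property-based filter is still evaluated, which is worth saying directly, for example `# add a selector rule and a property-based filter rule, each writing to its own log file`.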
|
|
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_incorrect_attr_legacy.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_incorrect_attr_legacy.fail.sh
|
|
new file mode 100755
|
|
index 0000000000..f459e7377b
|
|
--- /dev/null
|
|
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_incorrect_attr_legacy.fail.sh
|
|
@@ -0,0 +1,38 @@
|
|
+#!/bin/bash
|
|
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
|
|
+
|
|
+# Declare variables used for the tests and define the create_rsyslog_test_logs function
|
|
+source $SHARED/rsyslog_log_utils.sh
|
|
+
|
|
+{{% if ATTRIBUTE == "owner" %}}
|
|
+CHATTR="chown"
|
|
+ATTR_VALUE="root"
|
|
+ATTR_INCORRECT_VALUE="cac_testuser"
|
|
+useradd $ATTR_INCORRECT_VALUE
|
|
+{{% elif ATTRIBUTE == "groupowner" %}}
|
|
+CHATTR="chgrp"
|
|
+ATTR_VALUE="root"
|
|
+ATTR_INCORRECT_VALUE="cac_testgroup"
|
|
+groupadd $ATTR_INCORRECT_VALUE
|
|
+{{% else %}}
|
|
+CHATTR="chmod"
|
|
+ATTR_VALUE="0600"
|
|
+ATTR_INCORRECT_VALUE="0666"
|
|
+{{% endif %}}
|
|
+
|
|
+# create three test log file
|
|
+create_rsyslog_test_logs 2
|
|
+
|
|
+# setup test log file property
|
|
+$CHATTR $ATTR_INCORRECT_VALUE ${RSYSLOG_TEST_LOGS[0]}
|
|
+$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[1]}
|
|
+
|
|
+# add rules with both syntax for different test log files
|
|
+cat << EOF > $RSYSLOG_CONF
|
|
+# rsyslog configuration file
|
|
+
|
|
+#### RULES ####
|
|
+*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
+*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[1]}")
|
|
+
|
|
+EOF
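Review bot: Nothing in the script says which of the two log files is the non-compliant one, and this file differs from mixed_incorrect_attr_rainer.fail.sh only in which index receives `$ATTR_INCORRECT_VALUE`. Replacing the generic `# setup test log file property` with something like `# first log (legacy rule) gets the incorrect value; second log (RainerScript action) stays compliant` makes the distinction visible without diffing the two files. The mixed_include_incorrect_attr_legacy.fail.sh and mixed_include_incorrect_attr_rainer.fail.sh pair would benefit from the same kind of comment.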
|
|
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_incorrect_attr_rainer.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_incorrect_attr_rainer.fail.sh
|
|
new file mode 100755
|
|
index 0000000000..67193b69d8
|
|
--- /dev/null
|
|
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_incorrect_attr_rainer.fail.sh
|
|
@@ -0,0 +1,38 @@
|
|
+#!/bin/bash
|
|
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
|
|
+
|
|
+# Declare variables used for the tests and define the create_rsyslog_test_logs function
|
|
+source $SHARED/rsyslog_log_utils.sh
|
|
+
|
|
+{{% if ATTRIBUTE == "owner" %}}
|
|
+CHATTR="chown"
|
|
+ATTR_VALUE="root"
|
|
+ATTR_INCORRECT_VALUE="cac_testuser"
|
|
+useradd $ATTR_INCORRECT_VALUE
|
|
+{{% elif ATTRIBUTE == "groupowner" %}}
|
|
+CHATTR="chgrp"
|
|
+ATTR_VALUE="root"
|
|
+ATTR_INCORRECT_VALUE="cac_testgroup"
|
|
+groupadd $ATTR_INCORRECT_VALUE
|
|
+{{% else %}}
|
|
+CHATTR="chmod"
|
|
+ATTR_VALUE="0600"
|
|
+ATTR_INCORRECT_VALUE="0666"
|
|
+{{% endif %}}
|
|
+
|
|
+# create three test log file
|
|
+create_rsyslog_test_logs 2
|
|
+
|
|
+# setup test log file property
|
|
+$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]}
|
|
+$CHATTR $ATTR_INCORRECT_VALUE ${RSYSLOG_TEST_LOGS[1]}
|
|
+
|
|
+# add rules with both syntax for different test log files
|
|
+cat << EOF > $RSYSLOG_CONF
|
|
+# rsyslog configuration file
|
|
+
|
|
+#### RULES ####
|
|
+*.* ${RSYSLOG_TEST_LOGS[0]}
|
|
+*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[1]}")
|
|
+
|
|
+EOF
|
|
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr.pass.sh
|
|
new file mode 100755
|
|
index 0000000000..abdb09c485
|
|
--- /dev/null
|
|
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr.pass.sh
|
|
@@ -0,0 +1,31 @@
|
|
+#!/bin/bash
|
|
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
|
|
+
|
|
+# Declare variables used for the tests and define the create_rsyslog_test_logs function
|
|
+source $SHARED/rsyslog_log_utils.sh
|
|
+
|
|
+{{% if ATTRIBUTE == "owner" %}}
|
|
+CHATTR="chown"
|
|
+ATTR_VALUE="root"
|
|
+{{% elif ATTRIBUTE == "groupowner" %}}
|
|
+CHATTR="chgrp"
|
|
+ATTR_VALUE="root"
|
|
+{{% else %}}
|
|
+CHATTR="chmod"
|
|
+ATTR_VALUE="0600"
|
|
+{{% endif %}}
|
|
+
|
|
+# create one test log file
|
|
+create_rsyslog_test_logs 1
|
|
+
|
|
+# setup test log file property
|
|
+$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]}
|
|
+
|
|
+# add rule with test log file
|
|
+cat << EOF > $RSYSLOG_CONF
|
|
+# rsyslog configuration file
|
|
+
|
|
+#### RULES ####
|
|
+*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[0]}")
|
|
+
|
|
+EOF
|
|
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_include_correct_attr.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_include_correct_attr.pass.sh
|
|
new file mode 100755
|
|
index 0000000000..8b73578e39
|
|
--- /dev/null
|
|
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_include_correct_attr.pass.sh
|
|
@@ -0,0 +1,45 @@
|
|
+#!/bin/bash
|
|
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
|
|
+
|
|
+# Declare variables used for the tests and define the create_rsyslog_test_logs function
|
|
+source $SHARED/rsyslog_log_utils.sh
|
|
+
|
|
+{{% if ATTRIBUTE == "owner" %}}
|
|
+CHATTR="chown"
|
|
+ATTR_VALUE="root"
|
|
+{{% elif ATTRIBUTE == "groupowner" %}}
|
|
+CHATTR="chgrp"
|
|
+ATTR_VALUE="root"
|
|
+{{% else %}}
|
|
+CHATTR="chmod"
|
|
+ATTR_VALUE="0600"
|
|
+{{% endif %}}
|
|
+
|
|
+# create two test log file
|
|
+create_rsyslog_test_logs 2
|
|
+
|
|
+# setup test log file property
|
|
+$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]}
|
|
+$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[1]}
|
|
+
|
|
+# create test configuration file with rule for second test log file
|
|
+test_conf=${RSYSLOG_TEST_DIR}/test1.conf
|
|
+cat << EOF > ${test_conf}
|
|
+# rsyslog test configuration file
|
|
+
|
|
+#### RULES ####
|
|
+*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[1]}")
|
|
+
|
|
+EOF
|
|
+
|
|
+# add rule with first test log file plus an include statement
|
|
+cat << EOF > $RSYSLOG_CONF
|
|
+# rsyslog configuration file
|
|
+
|
|
+#### RULES ####
|
|
+*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[0]}")
|
|
+
|
|
+#### MODULES ####
|
|
+include(file="${test_conf}")
|
|
+
|
|
+EOF
|
|
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_include_incorrect_attr.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_include_incorrect_attr.fail.sh
|
|
new file mode 100755
|
|
index 0000000000..4c25c09e2e
|
|
--- /dev/null
|
|
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_include_incorrect_attr.fail.sh
|
|
@@ -0,0 +1,50 @@
|
|
+#!/bin/bash
|
|
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
|
|
+
|
|
+# Declare variables used for the tests and define the create_rsyslog_test_logs function
|
|
+source $SHARED/rsyslog_log_utils.sh
|
|
+
|
|
+{{% if ATTRIBUTE == "owner" %}}
|
|
+CHATTR="chown"
|
|
+ATTR_VALUE="root"
|
|
+ATTR_INCORRECT_VALUE="cac_testuser"
|
|
+useradd $ATTR_INCORRECT_VALUE
|
|
+{{% elif ATTRIBUTE == "groupowner" %}}
|
|
+CHATTR="chgrp"
|
|
+ATTR_VALUE="root"
|
|
+ATTR_INCORRECT_VALUE="cac_testgroup"
|
|
+groupadd $ATTR_INCORRECT_VALUE
|
|
+{{% else %}}
|
|
+CHATTR="chmod"
|
|
+ATTR_VALUE="0600"
|
|
+ATTR_INCORRECT_VALUE="0666"
|
|
+{{% endif %}}
|
|
+
|
|
+# create two test log file
|
|
+create_rsyslog_test_logs 2
|
|
+
|
|
+# setup test log file property
|
|
+$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]}
|
|
+$CHATTR $ATTR_INCORRECT_VALUE ${RSYSLOG_TEST_LOGS[1]}
|
|
+
|
|
+# create test configuration file with rule for second test log file
|
|
+test_conf=${RSYSLOG_TEST_DIR}/test1.conf
|
|
+cat << EOF > ${test_conf}
|
|
+# rsyslog test configuration file
|
|
+
|
|
+#### RULES ####
|
|
+*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[1]}")
|
|
+
|
|
+EOF
|
|
+
|
|
+# add rule with first test log file plus an include statement
|
|
+cat << EOF > $RSYSLOG_CONF
|
|
+# rsyslog configuration file
|
|
+
|
|
+#### RULES ####
|
|
+*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[0]}")
|
|
+
|
|
+#### MODULES ####
|
|
+include(file="${test_conf}")
|
|
+
|
|
+EOF
|
|
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_include_multiline_correct_attr.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_include_multiline_correct_attr.pass.sh
|
|
new file mode 100755
|
|
index 0000000000..508a5cf6eb
|
|
--- /dev/null
|
|
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_include_multiline_correct_attr.pass.sh
|
|
@@ -0,0 +1,47 @@
|
|
+#!/bin/bash
|
|
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
|
|
+
|
|
+# Declare variables used for the tests and define the create_rsyslog_test_logs function
|
|
+source $SHARED/rsyslog_log_utils.sh
|
|
+
|
|
+{{% if ATTRIBUTE == "owner" %}}
|
|
+CHATTR="chown"
|
|
+ATTR_VALUE="root"
|
|
+{{% elif ATTRIBUTE == "groupowner" %}}
|
|
+CHATTR="chgrp"
|
|
+ATTR_VALUE="root"
|
|
+{{% else %}}
|
|
+CHATTR="chmod"
|
|
+ATTR_VALUE="0600"
|
|
+{{% endif %}}
|
|
+
|
|
+# create two test log file
|
|
+create_rsyslog_test_logs 2
|
|
+
|
|
+# setup test log file property
|
|
+$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]}
|
|
+$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[1]}
|
|
+
|
|
+# create test configuration file with rule for second test log file
|
|
+test_conf=${RSYSLOG_TEST_DIR}/test1.conf
|
|
+cat << EOF > ${test_conf}
|
|
+# rsyslog test configuration file
|
|
+
|
|
+#### RULES ####
|
|
+*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[1]}")
|
|
+
|
|
+EOF
|
|
+
|
|
+# add rule with first test log file plus an include statement
|
|
+cat << EOF > $RSYSLOG_CONF
|
|
+# rsyslog configuration file
|
|
+
|
|
+#### RULES ####
|
|
+*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[0]}")
|
|
+
|
|
+#### MODULES ####
|
|
+include(
|
|
+ file="${test_conf}"
|
|
+)
|
|
+
|
|
+EOF
|
|
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_include_multiline_incorrect_attr.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_include_multiline_incorrect_attr.fail.sh
|
|
new file mode 100755
|
|
index 0000000000..49fada4cd4
|
|
--- /dev/null
|
|
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_include_multiline_incorrect_attr.fail.sh
|
|
@@ -0,0 +1,52 @@
|
|
+#!/bin/bash
|
|
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
|
|
+
|
|
+# Declare variables used for the tests and define the create_rsyslog_test_logs function
|
|
+source $SHARED/rsyslog_log_utils.sh
|
|
+
|
|
+{{% if ATTRIBUTE == "owner" %}}
|
|
+CHATTR="chown"
|
|
+ATTR_VALUE="root"
|
|
+ATTR_INCORRECT_VALUE="cac_testuser"
|
|
+useradd $ATTR_INCORRECT_VALUE
|
|
+{{% elif ATTRIBUTE == "groupowner" %}}
|
|
+CHATTR="chgrp"
|
|
+ATTR_VALUE="root"
|
|
+ATTR_INCORRECT_VALUE="cac_testgroup"
|
|
+groupadd $ATTR_INCORRECT_VALUE
|
|
+{{% else %}}
|
|
+CHATTR="chmod"
|
|
+ATTR_VALUE="0600"
|
|
+ATTR_INCORRECT_VALUE="0666"
|
|
+{{% endif %}}
|
|
+
|
|
+# create two test log file
|
|
+create_rsyslog_test_logs 2
|
|
+
|
|
+# setup test log file property
|
|
+$CHATTR $ATTR_VALUE ${RSYSLOG_TEST_LOGS[0]}
|
|
+$CHATTR $ATTR_INCORRECT_VALUE ${RSYSLOG_TEST_LOGS[1]}
|
|
+
|
|
+# create test configuration file with rule for second test log file
|
|
+test_conf=${RSYSLOG_TEST_DIR}/test1.conf
|
|
+cat << EOF > ${test_conf}
|
|
+# rsyslog test configuration file
|
|
+
|
|
+#### RULES ####
|
|
+*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[1]}")
|
|
+
|
|
+EOF
|
|
+
|
|
+# add rule with first test log file plus an include statement
|
|
+cat << EOF > $RSYSLOG_CONF
|
|
+# rsyslog configuration file
|
|
+
|
|
+#### RULES ####
|
|
+*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[0]}")
|
|
+
|
|
+#### MODULES ####
|
|
+include(
|
|
+ file="${test_conf}"
|
|
+)
|
|
+
|
|
+EOF
|
|
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_incorrect_attr.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_incorrect_attr.fail.sh
|
|
new file mode 100755
|
|
index 0000000000..b17eb6b744
|
|
--- /dev/null
|
|
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_incorrect_attr.fail.sh
|
|
@@ -0,0 +1,33 @@
|
|
+#!/bin/bash
|
|
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
|
|
+
|
|
+# Declare variables used for the tests and define the create_rsyslog_test_logs function
|
|
+source $SHARED/rsyslog_log_utils.sh
|
|
+
|
|
+{{% if ATTRIBUTE == "owner" %}}
|
|
+CHATTR="chown"
|
|
+ATTR_INCORRECT_VALUE="cac_testuser"
|
|
+useradd $ATTR_INCORRECT_VALUE
|
|
+{{% elif ATTRIBUTE == "groupowner" %}}
|
|
+CHATTR="chgrp"
|
|
+ATTR_INCORRECT_VALUE="cac_testgroup"
|
|
+groupadd $ATTR_INCORRECT_VALUE
|
|
+{{% else %}}
|
|
+CHATTR="chmod"
|
|
+ATTR_INCORRECT_VALUE="0666"
|
|
+{{% endif %}}
|
|
+
|
|
+# create one test log file
|
|
+create_rsyslog_test_logs 1
|
|
+
|
|
+# setup test log file property
|
|
+$CHATTR $ATTR_INCORRECT_VALUE ${RSYSLOG_TEST_LOGS[0]}
|
|
+
|
|
+# add rule with non-root user owned log file
|
|
+cat << EOF > $RSYSLOG_CONF
|
|
+# rsyslog configuration file
|
|
+
|
|
+#### RULES ####
|
|
+*.* action(type="omfile" FileCreateMode="0640" fileOwner="root" fileGroup="hoiadm" File="${RSYSLOG_TEST_LOGS[0]}")
|
|
+
|
|
+EOF
|
|
--
|
|
2.39.1
|
|
|