- Bug
- Resolution: Done-Errata
- rhel-8.7.0
- scap-security-guide-0.1.74-1.el8_10
- rhel-sst-security-compliance
- ssg_security
Description of problem:
In the latest scap-security-guide 0.1.66, the RainerScript syntax is still not fully supported.
The SCAP rule xccdf_org.ssgproject.content_rule_rsyslog_cron_logging does not accept the following RainerScript line:
~~~
cron.* action(name="local-cron" type="omfile" FileCreateMode="0600" fileOwner="root" fileGroup="root" File="/var/log/cron")
~~~
Version-Release number of selected component (if applicable):
0.1.66-2.el8_7.noarch
How reproducible:
- Configure RainerScript syntax for collecting cron logs.
- vi /etc/rsyslog.conf
~~~
cron.* action(name="local-cron" type="omfile" FileCreateMode="0600" fileOwner="root" fileGroup="root" File="/var/log/cron")
~~~
Steps to Reproduce:
1. Replace legacy configuration for cron logs with RainerScript syntax
- vi /etc/rsyslog.conf
2. Restart rsyslog to load changes.
3. Scan the system for SCAP rule: xccdf_org.ssgproject.content_rule_rsyslog_cron_logging
Actual results:
The RainerScript syntax is not validated.
Expected results:
The RainerScript syntax for cron log configuration should be validated.
Additional info:
Similarly, netstreamdriver parameters should be validated if configured in RainerScript syntax.
The following rules are impacted:
- xccdf_org.ssgproject.content_rule_rsyslog_cron_logging
- xccdf_org.ssgproject.content_rule_rsyslog_encrypt_offload_actionsendstreamdriverauthmode
- xccdf_org.ssgproject.content_rule_rsyslog_encrypt_offload_actionsendstreamdrivermode
- xccdf_org.ssgproject.content_rule_rsyslog_encrypt_offload_defaultnetstreamdriver
Links to: RHBA-2024:137755 scap-security-guide bug fix and enhancement update
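A sketch of a check that accepts both forms of the cron logging configuration, added here as an illustration; it is not the scap-security-guide OVAL logic or its fix. The function names, the regular expressions and every sample configuration except the line quoted in the report are assumptions made for this example.

```python
import re

# Legacy selector/action form, e.g. "cron.*    /var/log/cron" (optional "-" disables sync).
LEGACY = re.compile(r'^\s*cron\.\*\s+-?(/\S+)\s*$')
# RainerScript form: cron.* action(name="..." type="omfile" File="...")
RAINER = re.compile(r'^\s*cron\.\*\s+action\((.*)\)\s*$')
PARAM = re.compile(r'(\w+)\s*=\s*"([^"]*)"')

# Constructed sample inputs; PAGE_CONF is the line quoted in the report.
PAGE_CONF = ('cron.* action(name="local-cron" type="omfile" FileCreateMode="0600" '
             'fileOwner="root" fileGroup="root" File="/var/log/cron")\n')
LEGACY_CONF = '# cron jobs\ncron.*    /var/log/cron\n'
MULTILINE_CONF = 'cron.* action(name="local-cron"\n    type="omfile"\n    file="/var/log/cron")\n'
DISABLED_CONF = '#cron.* /var/log/cron\ncron.* action(type="omfile" File="/var/log/other")\n'


def statements(text):
    """Yield statements with comments dropped and multi-line action(...) joined.
    Simplification: a '#' inside a quoted value would be cut as a comment."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()
        if not line:
            continue
        buf.append(line)
        depth += line.count('(') - line.count(')')
        if depth <= 0:
            yield ' '.join(buf)
            buf, depth = [], 0


def cron_log_targets(text):
    """Return the files that receive cron.* messages, in either syntax."""
    targets = []
    for stmt in statements(text):
        legacy, rainer = LEGACY.match(stmt), RAINER.match(stmt)
        if legacy:
            targets.append(legacy.group(1))
        elif rainer:
            # rsyslog parameter names are case-insensitive (File, file, FILE).
            params = {k.lower(): v for k, v in PARAM.findall(rainer.group(1))}
            if params.get('type') == 'omfile' and 'file' in params:
                targets.append(params['file'])
    return targets


def cron_logging_configured(text, expected='/var/log/cron'):
    return expected in cron_log_targets(text)
```

A check that only matches the legacy pattern reports the RainerScript line from the report as non-compliant even though rsyslog writes cron messages to the same file.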