Story
Resolution: Unresolved
rhel-sst-security-compliance
ssg_security
Red Hat Enterprise Linux
Goal
On RHEL, we encourage customers to use RainerScript syntax for rsyslog directives and avoid legacy syntax, which is considered deprecated.
It appears that xccdf_org.ssgproject.content_rule_rsyslog_remote_loghost only supports the legacy syntax, e.g. in linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml:
    description: |-
        :
        To use UDP for log message delivery:
        <pre>*.* @<i>{{{ xccdf_value("rsyslog_remote_loghost_address") }}}</i></pre>
        <br />
        To use TCP for log message delivery:
        <pre>*.* @@<i>{{{ xccdf_value("rsyslog_remote_loghost_address") }}}</i></pre>
        <br />
        To use RELP for log message delivery:
        <pre>*.* :omrelp:<i>{{{ xccdf_value("rsyslog_remote_loghost_address") }}}</i></pre>
        :
    warnings:
        - functionality: |-
            It is important to configure queues in case the client is sending log
            messages to a remote server. If queues are not configured,
            the system will stop functioning when the connection
            to the remote server is not available. Please consult Rsyslog
            documentation for more information about configuration of queues. The
            example configuration which should go into <tt>/etc/rsyslog.conf</tt>
            can look like the following lines:
            <pre>
            $ActionQueueType LinkedList
            $ActionQueueFileName queuefilename
            $ActionQueueMaxDiskSpace 1g
            $ActionQueueSaveOnShutdown on
            $ActionResumeRetryCount -1
            </pre>
Typically, SCAP only understands the following:
*.* @@127.0.0.1:1234
Whereas it should understand the following:
*.* action(type="omfwd" ... target="127.0.0.1" Port="1234" Protocol="tcp")
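
A sketch of a check that accepts both forms, as an added example (not code from the ComplianceAsCode project or its OVAL check). The function name `remote_loghosts` and the sample configuration are constructed for illustration, and the example goes beyond the TCP case above by also covering the UDP and RELP forms from rule.yml.

```python
import re

# Legacy selector lines: "*.* @host" (UDP), "*.* @@host" (TCP), "*.* :omrelp:host" (RELP)
LEGACY = re.compile(
    r'^[ \t]*\*\.\*[ \t]+(@@|@|:omrelp:)(\[[^\]]+\]|[^\s:]+)(?::(\d+))?[ \t]*$', re.M)
# RainerScript action(...) objects; parameter names are case-insensitive
ACTION = re.compile(r'\baction\s*\((.*?)\)', re.S | re.I)
PARAM = re.compile(r'([\w.]+)\s*=\s*"([^"]*)"')
SIGIL_PROTO = {"@": "udp", "@@": "tcp", ":omrelp:": "relp"}

def remote_loghosts(conf):
    """Return (syntax, protocol, target, port) for each forwarding action found.
    port is None when the configuration does not state one."""
    # Drop comments first. Simplification: '#' or ')' inside a quoted value is not handled.
    text = "\n".join(line.split("#", 1)[0] for line in conf.splitlines())
    found = []
    for sigil, host, port in LEGACY.findall(text):
        found.append(("legacy", SIGIL_PROTO[sigil], host, port or None))
    for body in ACTION.findall(text):
        p = {k.lower(): v for k, v in PARAM.findall(body)}
        kind = p.get("type", "").lower()
        if kind not in ("omfwd", "omrelp") or "target" not in p:
            continue  # e.g. omfile: local logging, not forwarding
        # omfwd sends over UDP unless protocol= says otherwise
        proto = "relp" if kind == "omrelp" else p.get("protocol", "udp").lower()
        found.append(("rainerscript", proto, p["target"], p.get("port")))
    return found

# Constructed sample: the legacy TCP line, then its RainerScript equivalent
# carrying the queue settings from the rule's warning as action parameters.
SAMPLE = '''
# legacy syntax
*.* @@127.0.0.1:1234
# RainerScript syntax
*.* action(type="omfwd" target="127.0.0.1" Port="1234" Protocol="tcp"
           queue.type="LinkedList" queue.filename="queuefilename"
           queue.maxDiskSpace="1g" queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")
*.* /var/log/messages
'''

if __name__ == "__main__":
    for hit in remote_loghosts(SAMPLE):
        print(hit)
```

The check does not evaluate whether an `action()` sits inside a conditional block, so a match means forwarding is configured, not that every message reaches the loghost.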