Exclude more types of files in the rsyslog files permissions remediation.

ggbecker · ggbecker · commit d0a40db7db5b · 2025-12-11T15:14:39.000+01:00
A line in the rsyslog conf file as such

  #kern.* action(type="omfile" file="/dev/console")

Would get in the way of the remediation and be considered a valid log
file, with this modification such files are excluded.
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/ansible.template b/shared/templates/rsyslog_logfiles_attributes_modify/ansible.template
@@ -52,7 +52,8 @@
     set -o pipefail{{% endif %}}
     grep -oP '^[^(\s|#|\$)]+[\s]+.*[\s]+-?(/+[^:;\s]+);*\.*$' {{ item.1.path }} | \
     awk '{print $NF}' | \
-    sed -e 's/^-//' || true
+    sed -e 's/^-//' | \
+    grep -v '^/dev/' || true
   loop: "{{ rsyslog_config_files.results | default([]) | subelements('files') }}"
   register: log_files_old
   changed_when: False
@@ -62,10 +63,11 @@
   ansible.builtin.shell: |
     {{%- if not 'debian' in product %}}
     set -o pipefail{{% endif %}}
-    grep -ozP "action\s*\(\s*type\s*=\s*\"omfile\"[^\)]*\)" {{ item.1.path }} | \
-    grep -aoP "\bFile\s*=\s*\"([/[:alnum:][:punct:]]*)\"\s*\)" | \
+    grep -iozP "action\s*\(\s*type\s*=\s*\"omfile\"[^\)]*\)" {{ item.1.path }} | \
+    grep -iaoP "\bFile\s*=\s*\"([/[:alnum:][:punct:]]*)\"\s*\)" | \
     grep -oE "\"([/[:alnum:][:punct:]]*)\"" | \
-    tr -d "\""|| true
+    tr -d "\"" | \
+    grep -v '^/dev/' || true
   loop: "{{ rsyslog_config_files.results | default([]) | subelements('files') }}"
   register: log_files_new
   changed_when: False
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/bash.template b/shared/templates/rsyslog_logfiles_attributes_modify/bash.template
@@ -77,11 +77,12 @@ done
 # extract possibly multiline action omfile expressions
 # extract File="logfile" expression
 # match only "logfile" expression
+# exclude /dev/* paths (e.g., /dev/console)
 for LOG_FILE in "${RSYSLOG_CONFIG_FILES[@]}"
 do
 	ACTION_OMFILE_LINES=$(grep -iozP "action\s*\(\s*type\s*=\s*\"omfile\"[^\)]*\)" "${LOG_FILE}")
 	OMFILE_LINES=$(echo "${ACTION_OMFILE_LINES}"| grep -iaoP "\bFile\s*=\s*\"([/[:alnum:][:punct:]]*)\"\s*\)")
-	LOG_FILE_PATHS+=("$(echo "${OMFILE_LINES}"| grep -oE "\"([/[:alnum:][:punct:]]*)\""|tr -d "\"")")
+	LOG_FILE_PATHS+=("$(echo "${OMFILE_LINES}"| grep -oE "\"([/[:alnum:][:punct:]]*)\""|tr -d "\"" | grep -v "^/dev/")")
 done
 
 # Ensure the correct attribute if file exists
