Fix rsyslog rules due to change in how the configuration files are written #14228
base: master
It did not seem to help as I ran a custom set of hardening tests and the fails are still there :(
…itten. rsyslog_files_groupownership rsyslog_files_ownership rsyslog_files_permissions Most likely this is what caused the change: https://gitlab.com/redhat/centos-stream/rpms/rsyslog/-/merge_requests/49/diffs
dde2004 to 8e97cc6
/packit retest-failed
This is ready to review. All the test scenarios pass on RHEL9, both ansible and bash, and a custom productization also passed for RHEL9 and RHEL10. There might be an issue on RHEL8 ISM_O on testing farm, stating that /var/log/cron had 0644 instead of 0640. I've rerun the testing farm tests to see if it's a fluke. It's weird, because if it is an issue I'd expect it to be present on every RHEL8 profile testing that has this rule selected. Let's see how it goes.
…ion. A line in the rsyslog conf file such as #kern.* action(type="omfile" file="/dev/console") would get in the way of the remediation and be considered a valid log file; with this modification such files are excluded.
Cover cases where File can be part of some other longer word, so the regex considers File as a whole word; also make it case insensitive.
8e97cc6 to b2e2659
Our ansible remediation that includes the line /var/log/cron adds the line with only one space, and the previous regex was not matching the line with one space only. This update will also catch the case where the line has only one space between the first and second parameters. For example: "cron.* /var/log/cron".
I might have discovered how to fix the issue with the /var/log/cron file on ansible remediation, see: 628b2b2. Let's see how testing works.
In the rsyslog configuration it's also possible to use a single space between parameters and our ansible remediation for rsyslog_cron_logging does that. https://github.com/ComplianceAsCode/content/blob/2185de1165a2af8daab63acaa6d73503dc89fbc0/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/ansible/shared.yml#L23
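The parsing cases named in the commit messages above (commented-out lines, `File` matched only as a whole word and case-insensitively, a single space between selector and path), shown as an added example that is not the project's remediation or check code. The regexes and the names `log_files` and `too_permissive` are illustrative assumptions, the sample configuration is constructed, and only single-line `action()` statements are handled.

```python
import re

# Legacy form "<selector> <path>": one or more blanks between the two
# fields, optional "-" before the path. Lines starting with "#" (comments)
# or "$" (directives such as $IncludeConfig) never match.
LEGACY = re.compile(r'^(?![#$])\S+\s+-?(/\S+)\s*$')
# RainerScript form: only omfile actions write log files.
OMFILE = re.compile(r'type\s*=\s*"omfile"', re.IGNORECASE)
# "file" as a whole word, any case, so dynaFile= (a template name) is skipped.
FILE_PARAM = re.compile(r'\bfile\s*=\s*"([^"]+)"', re.IGNORECASE)

def log_files(conf_text):
    """Return the log file paths an rsyslog configuration writes to."""
    paths = []
    for line in conf_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # a commented-out action must not count as a log file
        legacy = LEGACY.match(stripped)
        if legacy:
            paths.append(legacy.group(1))
        elif OMFILE.search(stripped):
            paths.extend(FILE_PARAM.findall(stripped))
    return paths

def too_permissive(mode, limit=0o640):
    """True when mode grants any permission bit outside limit."""
    return bool(mode & 0o7777 & ~limit)

# Constructed sample configuration, not taken from any real system.
SAMPLE = '''\
$IncludeConfig /etc/rsyslog.d/*.conf
#kern.* action(type="omfile" file="/dev/console")
cron.* /var/log/cron
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
mail.*  -/var/log/maillog
authpriv.* action(type="omfile" File="/var/log/secure")
local7.* action(type="omfile" dynaFile="bootTemplate")
'''

if __name__ == "__main__":
    for path in log_files(SAMPLE):
        print(path)
    print(too_permissive(0o644), too_permissive(0o640))
```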
@ggbecker: The following test failed, say
Description:
The following rules:
rsyslog_files_groupownership
rsyslog_files_ownership
rsyslog_files_permissions
Most likely this is what caused the change: https://gitlab.com/redhat/centos-stream/rpms/rsyslog/-/merge_requests/49/diffs
Rationale: