[Open-scap] Ensure Log Files Are Owned By Appropriate Group setting Issue in Debian 8

Watson Yuuma Sato wsato at redhat.com
Mon Sep 10 08:21:40 UTC 2018


On 07/09/18 06:25, Dhanushka Parakrama wrote:
> Hi Wasto

Hello,
>
> Please correct me if I'm not mistaken. In the URL [1] that you shared
> I can't see rsyslog-ng; instead of it, it has
> package_rsyslog_installed. So it checks for the correct package,
> isn't it?
Yeah, the check is looking for the "rsyslog" package, but as we discussed in 
another thread the correct one should be "rsyslog-ng", right?

This should be easily fixable by adding Jinja conditionals in the check, 
I have linked [2] a very similar case.

[2] 
https://github.com/ComplianceAsCode/content/blob/master/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/oval/shared.xml

> [1] 
> https://github.com/ComplianceAsCode/content/blob/master/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/oval/shared.xml
>
> Thank you
> Dhanushka
>
> On Fri, 31 Aug 2018 at 18:28, Watson Yuuma Sato <wsato at redhat.com> wrote:
>
>     On 29/08/18 18:34, Dhanushka Parakrama wrote:
>>     Hi Team
>>
>>     We ran the scan for Debian 8 using the command below:
>>
>>     oscap xccdf eval --profile
>>     xccdf_org.ssgproject.content_profile_anssi_np_nt28_high --report
>>     report.html ssg-debian8-ds.xml
>>
>>     Got alerts as below:
>>
>>     [image.png]
>>
>>     As the solution suggested, change the group as below:
>>
>>     chgrp adm /var/log/* -R
>>
>>     [image.png]
>>
>>     but we are still getting:
>>     Ensure Log Files Are Owned By Appropriate Group -> Failed
>>
>>     Is there any reason for that?
>     Hello, Dhanushka,
>
>     The check for this rule also verifies if rsyslog is in use. Now,
>     unfortunately, it checks for rsyslog, not rsyslog-ng.
>
>     Here is where the check is defined:
>     https://github.com/OpenSCAP/scap-security-guide/blob/master/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/oval/shared.xml
>
>>     Thank You
>>     Dhanushka
>>
>
>
>     -- 
>     Watson Sato
>     Security Technologies | Red Hat, Inc
>

-- 
Watson Sato
Security Technologies | Red Hat, Inc
