[Open-scap] Ensure Log Files Are Owned By Appropriate Group setting Issue in Debian 8
Watson Yuuma Sato
wsato at redhat.com
Mon Sep 10 08:21:40 UTC 2018
On 07/09/18 06:25, Dhanushka Parakrama wrote:
> Hi Watson
Hello,
>
> Please correct me if I'm not mistaken. In the URL [1] that you shared
> I can't see the rsyslog-ng; instead of it, it has
> package_rsyslog_installed. So it checks for the correct package,
> isn't it?
Yeah, the check is looking for "rsyslog" package, but as we discussed in
another thread the correct one should be "rsyslog-ng", right?
This should be easily fixable by adding Jinja conditionals in the check,
I have linked [2] a very similar case.
[2]
https://github.com/ComplianceAsCode/content/blob/master/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/oval/shared.xml
> [1]
> https://github.com/ComplianceAsCode/content/blob/master/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/oval/shared.xml
>
> Thank you
> Dhanushka
>
> On Fri, 31 Aug 2018 at 18:28, Watson Yuuma Sato <wsato at redhat.com> wrote:
>
> On 29/08/18 18:34, Dhanushka Parakrama wrote:
>> Hi Team
>>
>> We have run the scan for Debian 8 using the command below
>>
>> oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_anssi_np_nt28_high --report report.html ssg-debian8-ds.xml
>>
>> Got alerts as below,
>> ===============
>>
>> image.png
>>
>> As the solution suggested, we changed the group as below
>>
>> chgrp adm /var/log/* -R
>>
>> image.png
>> but we are still getting
>> Ensure Log Files Are Owned By Appropriate Group -> Failed
>>
>> Is there any reason for that?
> Hello, Dhanushka,
>
> The check for this rule also verifies if rsyslog is in use. Now,
> unfortunately, it checks for rsyslog, not rsyslog-ng.
>
> Here is where the check is defined:
> https://github.com/OpenSCAP/scap-security-guide/blob/master/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/oval/shared.xml
>
>> Thank You
>> Dhanushka
>>
>>
>
>
> --
> Watson Sato
> Security Technologies | Red Hat, Inc
>
--
Watson Sato
Security Technologies | Red Hat, Inc
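
An added diagnostic, not part of the original thread or of the SCAP Security Guide content: it reports the two things the thread says the rule depends on, namely which syslog package is installed and which files under the log directory are not in the expected group. The function names, the package names passed to `installed_pkgs`, and the use of `dpkg-query` with GNU `find`/`stat` are assumptions of this example.

```shell
#!/bin/sh
# Added example: see why "Ensure Log Files Are Owned By Appropriate Group"
# can still fail after a recursive chgrp. All function names are hypothetical.

# Print each of the given package names that dpkg reports as installed.
# Returns 2 (and prints nothing) when dpkg-query is not available.
installed_pkgs() {
    command -v dpkg-query >/dev/null 2>&1 || return 2
    for pkg in "$@"; do
        status=$(dpkg-query -W -f='${Status}' "$pkg" 2>/dev/null) || continue
        [ "$status" = "install ok installed" ] && echo "$pkg"
    done
    return 0
}

# List regular files under DIR whose group is not GROUP, one "group path"
# line per file. GROUP may be a name or a numeric gid. Empty output means
# every file already has the expected group.
wrong_group_files() {
    dir=$1
    group=$2
    find "$dir" -type f ! -group "$group" -exec stat -c '%G %n' {} +
}

# Combine both views. Per the thread, the rule's check also tests for the
# "rsyslog" package, so a host running another syslog daemon can fail the
# rule even when no file is listed by wrong_group_files.
report() {
    dir=${1:-/var/log}
    group=${2:-adm}
    pkgs=$(installed_pkgs rsyslog syslog-ng) ||
        echo "dpkg-query not found; package state unknown"
    echo "installed syslog packages: ${pkgs:-none}"
    echo "files under $dir not in group $group:"
    wrong_group_files "$dir" "$group"
}

# Run the report only when a directory is given, e.g.: sh check.sh /var/log adm
if [ "$#" -gt 0 ]; then
    report "$@"
fi
```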