
[Ubuntu 24.04] Add stigid@ubuntu2404 references: System Logging #14485

Closed
hdean3 wants to merge 1 commit into ComplianceAsCode:master from hdean3:fix/stigid-ubuntu2404-logging

Conversation

Contributor

@hdean3 hdean3 commented Feb 27, 2026

Summary

Adds missing stigid@ubuntu2404 cross-references to 20 rule.yml files for system logging controls (rsyslog remote access monitoring, syslog-ng, journal logging, audit log forwarding).

Coverage Gap Addressed

Ubuntu 24.04 LTS (UBTU-24-XXXXXX) had zero stigid@ubuntu2404 entries in ComplianceAsCode/content prior to this PR series. This PR is part of an 11-PR series covering all 230 rules mapped in controls/stig_ubuntu2404.yml.

Changes

  • Category: System Logging
  • Files modified: rule.yml files with stigid@ubuntu2404: UBTU-24-XXXXXX added to references: block
  • No functional logic changes — reference metadata only
  • All existing references: entries preserved

Related PRs in this series

This PR is part of the same series as the Ubuntu 22.04 STIG stigid@ gap-filling work (#14463–#14471).

Testing

# Verify stigid@ubuntu2404 appears in modified files
grep -r "stigid@ubuntu2404" linux_os/ | wc -l

Fixes part of: Ubuntu 24.04 has zero stigid@ubuntu2404 coverage in CaC (V1R1)

Adds missing stigid@ubuntu2404 cross-references to 20 rule.yml files
mapping to UBTU-24-XXXXXX STIG IDs from the Ubuntu 24.04 LTS STIG V1R1.

Addresses coverage gap: Ubuntu 24.04 had zero stigid@ubuntu2404 entries
in ComplianceAsCode/content.
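The `grep | wc -l` in the Testing section only counts how many files carry the new reference; it cannot say which of the 230 rules mapped in controls/stig_ubuntu2404.yml are still missing one. The script below is an added example, not part of this PR and not ComplianceAsCode's own tooling: it reads the rule names out of a controls file, looks up each rule's rule.yml and reports those without a `stigid@<product>:` line. The controls-file shape (a `controls:` list whose entries carry a `rules:` list, items optionally suffixed `=value`) and the `<dir>/<rule_name>/rule.yml` layout are assumptions modelled on the repository; the fixture it builds is constructed with placeholder IDs.

```shell
#!/bin/sh
# Added example, not ComplianceAsCode's own tooling: list the rules a STIG
# controls file maps whose rule.yml still lacks a "stigid@<product>" reference.
# Assumed layout, modelled on the repository (an assumption, not verified here):
#   - controls file: YAML with "controls:" entries, each carrying a "rules:" list
#     whose items are rule names, optionally suffixed "=value"
#   - rules tree:    <rules_dir>/.../<rule_name>/rule.yml with a "references:" block

# Print every rule name that appears in any "rules:" list of the controls file.
control_rules() {
  awk '
    /^[[:space:]]*rules:/ { inrules = 1; next }
    inrules && /^[[:space:]]*- / {
      line = $0
      sub(/^[[:space:]]*- /, "", line)
      if (line !~ /:/) { sub(/=.*/, "", line); print line }   # "- key: v" is not a rule
      next
    }
    inrules && !/^[[:space:]]*-/ { inrules = 0 }   # back at control-level keys
  ' "$1" | sort -u
}

# Report each mapped rule that has no rule.yml or no "stigid@<product>: <id>" line.
# Usage: find_missing_stigid controls/stig_ubuntu2404.yml linux_os/guide ubuntu2404
find_missing_stigid() {
  controls=$1; rules_dir=$2; product=$3
  control_rules "$controls" | while read -r rule; do
    f=$(find "$rules_dir" -type f -path "*/$rule/rule.yml" | head -n 1)
    if [ -z "$f" ]; then
      echo "$rule: MISSING_RULE_YML"
    elif ! grep -Eq "^[[:space:]]*stigid@$product:[[:space:]]*[^[:space:]]" "$f"; then
      echo "$rule: NO_STIGID_REF"
    fi
  done
}

# Constructed fixture (placeholder IDs, not real STIG content) so the check
# runs stand-alone; one rule is covered, one is not, one has no rule.yml at all.
demo() {
  tmp=$(mktemp -d)
  mkdir -p "$tmp/controls" \
           "$tmp/guide/rsyslog_remote_access_monitoring" \
           "$tmp/guide/journald_forward_to_syslog"
  cat > "$tmp/controls/stig_ubuntu2404.yml" <<'EOF'
controls:
  - id: UBTU-24-PLACEHOLDER-A
    title: constructed control A
    rules:
      - rsyslog_remote_access_monitoring
      - journald_forward_to_syslog
  - id: UBTU-24-PLACEHOLDER-B
    title: constructed control B
    rules:
      - audit_log_forwarding=remote
EOF
  cat > "$tmp/guide/rsyslog_remote_access_monitoring/rule.yml" <<'EOF'
references:
    stigid@ubuntu2204: UBTU-22-PLACEHOLDER
    stigid@ubuntu2404: UBTU-24-PLACEHOLDER-A
EOF
  cat > "$tmp/guide/journald_forward_to_syslog/rule.yml" <<'EOF'
references:
    stigid@ubuntu2204: UBTU-22-PLACEHOLDER
EOF
  find_missing_stigid "$tmp/controls/stig_ubuntu2404.yml" "$tmp/guide" ubuntu2404
  rm -rf "$tmp"
}

demo
```

Run against a checkout as `find_missing_stigid controls/stig_ubuntu2404.yml linux_os/guide ubuntu2404`; an empty result means every mapped rule carries the reference, which is the condition a PR series like this one is trying to reach. Rules whose reference line exists but carries an ID that is not in the controls file are deliberately out of scope here.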
openshift-ci bot added the needs-ok-to-test label on Feb 27, 2026

openshift-ci Bot commented Feb 27, 2026

Hi @hdean3. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.


Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@github-actions

This datastream diff is auto generated by the check Compare DS/Generate Diff

bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupownerships_var_log' differs.
--- xccdf_org.ssgproject.content_rule_file_groupownerships_var_log
+++ xccdf_org.ssgproject.content_rule_file_groupownerships_var_log
@@ -1,18 +1,6 @@
 
 # see https://workbench.cisecurity.org/benchmarks/18959/tickets/23964
 # regarding sssd and gdm exclusions
-
-declare -A valid_shells
-while read -r line; do
-    [[ "$line" == /* ]] && valid_shells["$line"]=1
-done < /etc/shells
-
-declare -A users_with_valid_shells
-while IFS=: read -r user _ _ _ _ _ shell; do
-    if [[ ${valid_shells["$shell"]} == 1 ]]; then
-        users_with_valid_shells["$user"]=1
-    fi
-done < /etc/passwd
 
 find -P /var/log/ -type f -regextype posix-extended \
     ! -group root ! -group adm  \
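Review bot: the PR summary states "No functional logic changes — reference metadata only", yet this hunk drops the `valid_shells` and `users_with_valid_shells` tables that the remediation built from /etc/shells and /etc/passwd, which is a behavioural change in the generated datastream for file_groupownerships_var_log. The description should say what in a reference-only change caused the shared remediation to lose this guard (a different template branch being selected, for instance) before the change is accepted.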
@@ -33,11 +21,4 @@
     ! -regex '.*/localmessages(.*)' \
     ! -regex '.*/secure(.*)' \
     ! -regex '.*/waagent.log(.*)' \
-    -print0 | while IFS= read -r -d '' log_file
-    do
-        # Set to root if owned by a user with a valid shell
-        user=$(stat -c "%U" "$log_file")
-        if [[ "${users_with_valid_shells["$user"]}" == "1" ]]; then
-            chgrp --no-dereference root "$log_file"
-        fi
-    done
+    -regex '.*' -exec chgrp --no-dereference root {} \;
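Review bot: with the per-file loop gone, `chgrp --no-dereference root` now runs on every file that survives the exclusion list, not only on files whose owner has a valid login shell (the removed `stat -c "%U"` check); log files kept under a service account's group will be re-grouped to root as well, so confirm that is intended. The added `-regex '.*'` predicate matches every path and can be dropped, and if the unconditional form is what is wanted, `-exec chgrp --no-dereference root {} +` avoids one process per file.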

bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_ownerships_var_log' differs.
--- xccdf_org.ssgproject.content_rule_file_ownerships_var_log
+++ xccdf_org.ssgproject.content_rule_file_ownerships_var_log
@@ -1,18 +1,6 @@
 
 # see https://workbench.cisecurity.org/benchmarks/18959/tickets/23964
 # regarding sssd and gdm exclusions
-
-declare -A valid_shells
-while read -r line; do
-    [[ "$line" == /* ]] && valid_shells["$line"]=1
-done < /etc/shells
-
-declare -A users_with_valid_shells
-while IFS=: read -r user _ _ _ _ _ shell; do
-    if [[ ${valid_shells["$shell"]} == 1 ]]; then
-        users_with_valid_shells["$user"]=1
-    fi
-done < /etc/passwd
 
 find -P /var/log/ -type f -regextype posix-extended \
     ! -user root ! -user syslog  \
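Review bot: same concern as in the group-ownership rule, now for owning user: the `! -user root ! -user syslog` filter is kept, but the guard that limited remediation to files owned by accounts with a valid shell is removed here, so the "no functional logic changes" claim in the summary does not hold for file_ownerships_var_log either. Either the summary or the generated remediation needs to change, and the cause of the difference should be recorded in the PR.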
@@ -33,11 +21,4 @@
     ! -regex '.*/localmessages(.*)' \
     ! -regex '.*/secure(.*)' \
     ! -regex '.*/waagent.log(.*)' \
-    -print0 | while IFS= read -r -d '' log_file
-    do
-        # Set to root if owned by a user with a valid shell
-        user=$(stat -c "%U" "$log_file")
-        if [[ "${users_with_valid_shells["$user"]}" == "1" ]]; then
-            chown --no-dereference root "$log_file"
-        fi
-    done
+    -regex '.*' -exec chown --no-dereference root {} \;
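Review bot: `chown --no-dereference root` now applies unconditionally; a log file deliberately owned by a non-root, non-syslog service account (one without a login shell, which the removed loop left untouched) will be handed to root and the writing service may lose access to it. As in the previous hunk, `-regex '.*'` is redundant and `-exec chown --no-dereference root {} +` is the simpler spelling if the unconditional behaviour is intended.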

Contributor Author

hdean3 commented Feb 27, 2026

Closing to clear CI/CD queue. Ubuntu 24.04 stigid@ubuntu2404 additions will be re-submitted after investigating Build Content failures. Will re-open in small batches of 2-3.

@hdean3 hdean3 closed this Feb 27, 2026
@hdean3 hdean3 deleted the fix/stigid-ubuntu2404-logging branch February 27, 2026 22:35