Add syslog-ng rules as an alternative logging framework #14766

Open
israel-villar wants to merge 1 commit into ComplianceAsCode:master from israel-villar:feat/syslogng-rules

@israel-villar

Add four new rules for the syslog-ng logging framework under linux_os/guide/system/logging/syslogng/:

  • package_syslogng_installed: ensure syslog-ng is installed
  • service_syslogng_enabled: ensure the syslog-ng service is enabled
  • syslogng_nolisten: ensure syslog-ng is not configured to accept remote messages (OVAL checks for absence of tcp()/udp() source directives in /etc/syslog-ng/syslog-ng.conf)
  • syslogng_filecreatemode: ensure syslog-ng sets file creation mode to 0640 or more restrictive (OVAL uses direct regex match on the options { } block)

syslog-ng is an alternative to rsyslog and systemd-journal. These rules provide coverage for systems that use syslog-ng as their logging daemon, complementing the existing rsyslog rules.
Map the new rules to the existing syslog-ng component.

Description:

  • Add four new rules for the syslog-ng logging framework under
    linux_os/guide/system/logging/syslogng/:
    • package_syslogng_installed: ensure syslog-ng is installed
    • service_syslogng_enabled: ensure the syslog-ng service is enabled
    • syslogng_nolisten: ensure syslog-ng is not configured to accept
      remote messages (OVAL checks for absence of tcp()/udp() source
      directives in /etc/syslog-ng/syslog-ng.conf)
    • syslogng_filecreatemode: ensure syslog-ng sets file creation mode
      to 0640 or more restrictive (OVAL uses direct regex match on the
      options { } block)
  • Map the new rules to the existing syslog-ng component.

Rationale:

  • syslog-ng is an alternative to rsyslog and systemd-journal. These rules
    provide coverage for systems that use syslog-ng as their logging daemon,
    complementing the existing rsyslog rules.

Review Hints:

  • New group directory linux_os/guide/system/logging/syslogng/ with two
    group.yml files and four rule directories.
  • syslogng_filecreatemode OVAL uses a direct regex match instead of shell
    arithmetic to avoid the SCE /tmp noexec problem.
  • Build to verify: ./build_product debian13 --datastream-only

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
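
The two configuration checks described in the PR description, sketched as an added Python example (not the PR's OVAL and not ComplianceAsCode code). It assumes the file creation mode is set with syslog-ng's global perm() option; the function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample config (not from the PR): a remote listener, a remote
# *destination* that must not be flagged, and a commented-out source.
SAMPLE_CONF = """\
@version: 4.3
options { chain_hostnames(off); perm(0640); };
source s_local { system(); internal(); };
# source s_old { udp(port(514)); };
source s_net { tcp(ip(0.0.0.0) port(514)); };
destination d_remote { tcp("192.0.2.10" port(514)); };
log { source(s_local); destination(d_remote); };
"""


def strip_comments(conf):
    """Drop '#' comments so disabled directives are not matched."""
    return re.sub(r"#.*", "", conf)


def blocks(conf, keyword):
    """Yield (name, body) for each '<keyword> [name] { ... }' block."""
    for m in re.finditer(r"\b%s\s*([\w.-]*)\s*\{" % keyword, conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:  # walk to the matching close brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]


def remote_sources(conf):
    """Names of source blocks containing a tcp()/udp() driver (the two the
    PR names); tcp() in a destination block is outbound and is ignored."""
    return [name for name, body in blocks(strip_comments(conf), "source")
            if re.search(r"\b(?:tcp|udp)\s*\(", body)]


def perm_ok(conf, limit=0o640):
    """True if options { } sets perm() with no bits outside `limit`.
    Assumption: a missing perm() counts as non-compliant."""
    for _, body in blocks(strip_comments(conf), "options"):
        m = re.search(r"(?<![\w-])perm\s*\(\s*([0-7]{3,4})\s*\)", body)
        if m:
            return (int(m.group(1), 8) & ~limit) == 0
    return False


if __name__ == "__main__":
    print("remote sources:", remote_sources(SAMPLE_CONF))
    print("perm ok:", perm_ok(SAMPLE_CONF))
```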
openshift-ci Bot added the needs-ok-to-test label Jun 5, 2026
openshift-ci Bot commented Jun 5, 2026

Hi @israel-villar. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
