Fix auditd_audispd_encrypt_sent_records on Fedora and RHEL8 #3619
The OVAL macro doesn't work for me - in the built rhel8/fedora datastream I still see content from the else part. Others (remediation and yml) look correct.
@jan-cerny Sorry, it was my fault. I didn't delete the build folder before building and it caused that problem.
I believe the test scenarios need to be updated as well.
.../auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/bash/shared.sh
...auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/oval/shared.xml
...system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml
@jan-cerny See an example of a dirty workaround on how to write test scenarios for multiple products: https://github.com/ComplianceAsCode/content/tree/master/tests/data/group_system/group_auditing/group_auditd_configure_rules/group_audit_privileged_commands/rule_audit_rules_privileged_commands
@yuumasato I don't prefer workarounds. Instead I propose to handle multiple products by specifying platform in the scenarios. #3627
I have added test scenarios for this.
In Audit 3.0, which is present in Fedora >= 29 and RHEL8, the `audisp-remote.conf` moved to `/etc/audit` and the `enable_krb5` option has been superseded by the `transport` option. See `man 5 audisp-remote.conf`.
The transport option is not commented out by default. Instead it is set to TCP by default. That means we should not instruct users to uncomment it.
I have also noticed that this rule is not a part of RHEL7 ospp profile.
b84ac2e to 43ad827
Rebased on master.
The inspection completed: 2 new issues
The test scenarios run fine with the platform dependent test scenarios.
Description:
In Audit 3.0, which is present in Fedora >= 29 and RHEL8, the `audisp-remote.conf` moved to `/etc/audit` and the `enable_krb5` option has been superseded by the `transport` option. See `man 5 audisp-remote.conf`.
Rationale:
This rule is a part of RHEL8 OSPP profile.
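The location and option change described in this PR, written as a stand-alone check that handles both layouts (an added example, not the project's remediation or OVAL content). The pre-3.0 path `/etc/audisp/audisp-remote.conf`, the expected values `KRB5` and `yes`, the function names, and the last-assignment-wins and case-insensitive comparison rules are assumptions that this page does not state.

```shell
#!/bin/sh
# Added example, not the project's remediation or OVAL check.
# Usage: audisp_encrypts_records [ROOT]   (ROOT defaults to the real root)
# Returns 0 when the audisp-remote configuration found under ROOT requests
# Kerberos-encrypted transport, 1 otherwise.

# Print the value of the last uncommented "KEY = value" line in FILE.
# Assumption: if a key is repeated, the last assignment is the effective one.
# A line such as "#transport = KRB5" is ignored because of the leading "#".
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$2" |
        tail -n 1
}

audisp_encrypts_records() {
    root=${1:-}
    new_conf="$root/etc/audit/audisp-remote.conf"   # Audit 3.0 location (from the PR)
    old_conf="$root/etc/audisp/audisp-remote.conf"  # assumed pre-3.0 location
    if [ -f "$new_conf" ]; then
        # Audit 3.0: "transport" defaults to TCP, so it must be set to KRB5.
        value=$(conf_value transport "$new_conf")
        want=krb5
    elif [ -f "$old_conf" ]; then
        # Older audit: the superseded enable_krb5 option.
        value=$(conf_value enable_krb5 "$old_conf")
        want=yes
    else
        return 1   # no configuration file found, nothing is configured
    fi
    # Assumption: the value is compared case-insensitively.
    [ "$(printf '%s' "$value" | tr '[:upper:]' '[:lower:]')" = "$want" ]
}
```

Passing a directory as ROOT lets the same function be run against a mounted image or a test fixture instead of the live system.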