Fix auditd_audispd_encrypt_sent_records on Fedora and RHEL8 #3619

Conversation

jan-cerny
Collaborator

Description:

In Audit 3.0 which is present in Fedora >= 29 and RHEL8, the
audisp-remote.conf moved to /etc/audit and the enable_krb5
option has been superseded by transport option.
See man 5 audisp-remote.conf.

Rationale:

This rule is a part of RHEL8 OSPP profile.

@jan-cerny jan-cerny added this to the 0.1.42 milestone Nov 22, 2018
Contributor

@mildas mildas left a comment

The OVAL macro doesn't work for me - in the built rhel8/fedora datastream I still see content from elsepart. Others (remediation and yml) look correct.

@mildas
Contributor

mildas commented Nov 22, 2018

@jan-cerny Sorry, it was my fault. I didn't delete build folder before building and it caused that problem.

@yuumasato yuumasato self-assigned this Nov 23, 2018
Member

@yuumasato yuumasato left a comment

I believe the test scenarios need to be updated as well.

@yuumasato
Member

@redhatrises redhatrises added the bugfix Fixes to reported bugs. label Nov 26, 2018
@jan-cerny
Collaborator Author

@yuumasato I don't prefer workarounds. Instead I propose to handle multiple products by specifying platform in the scenarios. #3627

@jan-cerny
Collaborator Author

I have added test scenarios for this.
However, if you run them without #3627 the scenarios that don't apply to the tested system will error.

In Audit 3.0 which is present in Fedora >= 29 and RHEL8, the
`audisp-remote.conf` moved to `/etc/audit` and the `enable_krb5`
option has been superseded by `transport` option.
See `man 5 audisp-remote.conf`.
The transport option is not commented out by default. Instead
it is set to TCP by default. That means we should not instruct
users to uncomment it.
I have also noticed that this rule is not a part of RHEL7 ospp profile.
@jan-cerny jan-cerny force-pushed the rhel8_auditd_audispd_encrypt_sent_records branch from b84ac2e to 43ad827 Compare December 3, 2018 10:47
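
The check implied by the commit message above, as an added example that is not part of the pull request or of the ComplianceAsCode content: it accepts either configuration layout and treats a missing `transport` line as the TCP default. Assumptions: the pre-3.0 file lives at `/etc/audisp/audisp-remote.conf`, the compliant values are `transport = KRB5` and `enable_krb5 = yes`, values compare case-insensitively, and the function names and sample trees are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the pull request): is audisp-remote configured to
# encrypt the records it sends, in either configuration layout?
# Assumptions: the pre-3.0 file is /etc/audisp/audisp-remote.conf, the file
# location identifies the layout, and values compare case-insensitively.

# Print (lowercased) the last uncommented value assigned to key $2 in file $1.
conf_value() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }
        { k = $1; gsub(/[ \t\r]/, "", k) }
        tolower(k) == tolower(key) { val = $2; gsub(/[ \t\r]/, "", val) }
        END { if (val != "") print tolower(val) }
    ' "$1"
}

# Exit status: 0 = encrypted, 1 = cleartext, 2 = no audisp-remote.conf found.
# $1 is an optional root prefix so the check can run against a sample tree.
check_encrypt_sent_records() {
    local root new old
    root=${1:-}
    new="$root/etc/audit/audisp-remote.conf"
    old="$root/etc/audisp/audisp-remote.conf"
    if [ -f "$new" ]; then
        # Audit 3.0 layout: an absent transport line still means TCP.
        [ "$(conf_value "$new" transport)" = "krb5" ]
    elif [ -f "$old" ]; then
        # Older layout: Kerberos is switched on with enable_krb5.
        [ "$(conf_value "$old" enable_krb5)" = "yes" ]
    else
        return 2
    fi
}

# Constructed sample trees, not real system files.
demo_root=$(mktemp -d)
write_conf() { mkdir -p "$(dirname "$demo_root/$1")"; printf '%b' "$2" > "$demo_root/$1"; }
write_conf a3_tcp/etc/audit/audisp-remote.conf 'remote_server = logs.example.test\ntransport = TCP\n'
write_conf a3_krb5/etc/audit/audisp-remote.conf 'remote_server = logs.example.test\ntransport = KRB5\n'
write_conf a3_stale/etc/audit/audisp-remote.conf '#transport = KRB5\nenable_krb5 = yes\n'
write_conf a2_krb5/etc/audisp/audisp-remote.conf '#enable_krb5 = no\nenable_krb5 = yes\n'

for tree in a3_tcp a3_krb5 a3_stale a2_krb5; do
    if check_encrypt_sent_records "$demo_root/$tree"; then
        echo "$tree: encrypted"
    else
        echo "$tree: NOT encrypted"
    fi
done
```

The `a3_stale` tree is the case this pull request is about: a file in the new location that still carries only the superseded `enable_krb5` option is reported as not encrypted.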
@jan-cerny
Collaborator Author

Rebased on master.

@scrutinizer-notifier

The inspection completed: 2 new issues

@yuumasato
Member

The test scenarios run fine with the platform dependent test scenarios.
@jan-cerny Thank you for these fixes.

@yuumasato yuumasato merged commit 290636a into ComplianceAsCode:master Dec 3, 2018
@jan-cerny jan-cerny deleted the rhel8_auditd_audispd_encrypt_sent_records branch January 2, 2019 11:41