rsyslog_files_permissions: Consider the last field in the config line the log file path #9750
Conversation
yuumasato
changed the title
|
Start a new ephemeral environment with changes proposed in this pull request: rhel8 (from CTF) Environment (using Fedora as testing environment) Fedora Testing Environment Oracle Linux 8 Environment |
|
@lonicerae Hi, would you mind looking at the PR? Thanks. |
|
This datastream diff is auto generated by the check Click here to see the full diffbash remediation for rule 'xccdf_org.ssgproject.content_rule_rsyslog_files_permissions' differs.
--- xccdf_org.ssgproject.content_rule_rsyslog_files_permissions
+++ xccdf_org.ssgproject.content_rule_rsyslog_files_permissions
@@ -58,7 +58,7 @@
then
NORMALIZED_CONFIG_FILE_LINES=$(sed -e "/^[#|$]/d" "${LOG_FILE}")
LINES_WITH_PATHS=$(grep '[^/]*\s\+\S*/\S\+$' <<< "${NORMALIZED_CONFIG_FILE_LINES}")
- FILTERED_PATHS=$(awk '{if(NF>=2&&($2~/^\//||$2~/^-\//)){sub(/^-\//,"/",$2);print $2}}' <<< "${LINES_WITH_PATHS}")
+ FILTERED_PATHS=$(awk '{if(NF>=2&&($NF~/^\//||$NF~/^-\//)){sub(/^-\//,"/",$NF);print $NF}}' <<< "${LINES_WITH_PATHS}")
CLEANED_PATHS=$(sed -e "s/[\"')]//g; /\\/etc.*\.conf/d; /\\/dev\\//d" <<< "${FILTERED_PATHS}")
MATCHED_ITEMS=$(sed -e "/^$/d" <<< "${CLEANED_PATHS}")
# Since above sed command might return more than one item (delimited by newline), split the particular |
|
@brett060102 You may be interested in this fix as well. |
|
@yuumasato @ggbecker Any idea what is wrong with Automatus? |
yuumasato
force-pushed
the
rsyslog_cloudinit_case
branch
from
a9d5e80
to
7148385
Compare
No idea, automatus on containers work locally for me. I have removed some old comments from the test scenario, and pushed again. |
yuumasato
force-pushed
the
rsyslog_cloudinit_case
branch
from
7148385
to
5ca541e
Compare
These tests configure an rsyslog conf file similar to the ones used to filter cloudinit entries in "21-cloudinit.conf".
An rsyslog config line can have more than two fields, and the last one will actually be the field with the log file path.
yuumasato
force-pushed
the
rsyslog_cloudinit_case
branch
from
5ca541e
to
be4b176
Compare
|
Code Climate has analyzed commit be4b176 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 46.7%. View more on Code Climate. |
There was a problem hiding this comment.
I've tested it on CS8 and CS9 images, works well. Thank you for the fix @yuumasato !
Description:
Rationale:
testing-farm:centos-stream-9-x86_64test on Add CIS and ANSSI machine hardening tests for TF #9738