Bug 2176548

Summary:	[RHEL8.7/SCAP/Rsyslog] Rainier syntax not valid for cron and netstreamdriver parameters
Product:	Red Hat Enterprise Linux 8	Reporter:	Ravindra Patil <ravpatil>
Component:	scap-security-guide	Assignee:	Vojtech Polasek <vpolasek>
Status:	CLOSED MIGRATED	QA Contact:	BaseOS QE Security Team <qe-baseos-security>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	8.7	CC:	ggasparb, mhaicman, mlysonek, peter.vreman, sbalasub, vpolasek, wsato
Target Milestone:	rc	Keywords:	MigratedToJIRA, Triaged
Target Release:	---	Flags:	pm-rhel: mirror+
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2023-08-30 08:53:42 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Ravindra Patil 2023-03-08 16:14:44 UTC

Description of problem:

Latest scap-security-guide 0.1.66, the rainer syntax is still not fully supported yet. 

The SCAP rule xccdf_org.ssgproject.content_rule_rsyslog_cron_logging is not accepting the following  rainer syntax line:
~~~
cron.*          action(name="local-cron" type="omfile" FileCreateMode="0600" fileOwner="root" fileGroup="root" File="/var/log/cron")
~~~

Version-Release number of selected component (if applicable):
0.1.66-2.el8_7.noarch

How reproducible:

- Configure rainier syntax for collecting cron logs. 

# vi /etc/rsyslog.conf 
cron.*          action(name="local-cron" type="omfile" FileCreateMode="0600" fileOwner="root" fileGroup="root" File="/var/log/cron")


Steps to Reproduce:
1. Replace legacy configuration for cron logs with Rainier script syntax

# vi /etc/rsyslog.conf

2. Restart rsyslog to load changes. 

3. Scan the system for SCAP rule : xccdf_org.ssgproject.content_rule_rsyslog_cron_logging  

Actual results:
The rainier syntax is not validated

Expected results:
The rainier syntax for cron log configuration should be validated. 

Additional info:

Similarly, netstreamdriver parameters should be validated if configured in rainier syntax. 

Following rules are impacted. 

- xccdf_org.ssgproject.content_rule_rsyslog_cron_logging
- xccdf_org.ssgproject.content_rule_rsyslog_encrypt_offload_actionsendstreamdriverauthmode
- xccdf_org.ssgproject.content_rule_rsyslog_encrypt_offload_actionsendstreamdrivermode
- xccdf_org.ssgproject.content_rule_rsyslog_encrypt_offload_defaultnetstreamdriver

Comment 9 RHEL Program Management 2023-08-30 08:29:51 UTC

Issue migration from Bugzilla to Jira is in process at this time. This will be the last message in Jira copied from the Bugzilla bug.

Comment 10 RHEL Program Management 2023-08-30 08:53:42 UTC

This BZ has been automatically migrated to the issues.redhat.com Red Hat Issue Tracker. All future work related to this report will be managed there.

To find the migrated issue, look in the "Links" section for a direct link to the new issue location. The issue key will have an icon of 2 footprints next to it, and begin with "RHEL-" followed by an integer.  You can also find this issue by visiting https://issues.redhat.com/issues/?jql= and searching the "Bugzilla Bug" field for this BZ's number, e.g. a search like:

"Bugzilla Bug" = 1234567

In the event you have trouble locating or viewing this issue, you can file an issue by sending mail to rh-issues.