Bug 2176548 - [RHEL8.7/SCAP/Rsyslog] Rainer syntax not valid for cron and netstreamdriver parameters
Status: NEW
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: scap-security-guide
Version: 8.7
Target Milestone: rc
Assignee: Vojtech Polasek
QA Contact: BaseOS QE Security Team
Reported: 2023-03-08 16:14 UTC by Ravindra Patil
Modified: 2023-07-20 12:41 UTC (History)
Type: Bug
Links: Red Hat Issue Tracker RHELPLAN-151089 (last updated 2023-03-08 16:17:30 UTC)

Description Ravindra Patil 2023-03-08 16:14:44 UTC
Description of problem:

With the latest scap-security-guide 0.1.66, the Rainer syntax is still not fully supported.

The SCAP rule xccdf_org.ssgproject.content_rule_rsyslog_cron_logging is not accepting the following Rainer syntax line:
~~~
cron.*          action(name="local-cron" type="omfile" FileCreateMode="0600" fileOwner="root" fileGroup="root" File="/var/log/cron")
~~~

Version-Release number of selected component (if applicable):
0.1.66-2.el8_7.noarch

How reproducible:

- Configure Rainer syntax for collecting cron logs.

~~~
# vi /etc/rsyslog.conf
cron.*          action(name="local-cron" type="omfile" FileCreateMode="0600" fileOwner="root" fileGroup="root" File="/var/log/cron")
~~~


Steps to Reproduce:
1. Replace the legacy configuration for cron logs with Rainer script syntax

# vi /etc/rsyslog.conf

2. Restart rsyslog to load changes.

3. Scan the system for SCAP rule: xccdf_org.ssgproject.content_rule_rsyslog_cron_logging

Actual results:
The Rainer syntax is not validated.

Expected results:
The Rainer syntax for cron log configuration should be validated.

Additional info:

Similarly, netstreamdriver parameters should be validated if configured in Rainer syntax.

The following rules are impacted:

- xccdf_org.ssgproject.content_rule_rsyslog_cron_logging
- xccdf_org.ssgproject.content_rule_rsyslog_encrypt_offload_actionsendstreamdriverauthmode
- xccdf_org.ssgproject.content_rule_rsyslog_encrypt_offload_actionsendstreamdrivermode
- xccdf_org.ssgproject.content_rule_rsyslog_encrypt_offload_defaultnetstreamdriver
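
A check that accepts both syntaxes for the cron rule could look like the sketch below. It is an added illustration, not the scap-security-guide OVAL check or any project code. The function names and regexes are hypothetical, and it assumes action() parameter names are case-insensitive, as the mixed-case line in the report suggests.

```python
import re

# Legacy form:       cron.*    /var/log/cron      (optional "-" before the path)
LEGACY = re.compile(r'^[ \t]*(?P<sel>[^\s#]+)[ \t]+-?(?P<file>/\S+)[ \t]*$', re.M)
# RainerScript form: cron.*    action(type="omfile" ... File="/var/log/cron")
# [^)]* also spans newlines, so an action() split over several lines matches.
ACTION = re.compile(r'^[ \t]*(?P<sel>[^\s#]+)[ \t]+action\((?P<params>[^)]*)\)',
                    re.M | re.I)
PARAM = re.compile(r'(\w+)\s*=\s*"([^"]*)"')


def covers_cron(selector):
    """True if one facility.priority pair of the selector is exactly cron.*"""
    return any(p.lower() == "cron.*" for p in selector.split(";"))


def action_params(raw):
    """Parse key="value" pairs; names lower-cased (assumed case-insensitive)."""
    return {name.lower(): value for name, value in PARAM.findall(raw)}


def cron_log_targets(conf_text):
    """Return [(syntax, path)] for every rule that writes cron.* to a file."""
    found = []
    for m in LEGACY.finditer(conf_text):
        if covers_cron(m.group("sel")):
            found.append(("legacy", m.group("file")))
    for m in ACTION.finditer(conf_text):
        params = action_params(m.group("params"))
        if covers_cron(m.group("sel")) and params.get("type") == "omfile":
            found.append(("rainerscript", params.get("file")))
    return found


def cron_logging_ok(conf_text, expected="/var/log/cron"):
    """True if at least one rule sends cron.* to the expected file."""
    return any(path == expected for _, path in cron_log_targets(conf_text))


# Constructed sample inputs; REPORTED is the action() line from the report.
REPORTED = ('cron.*          action(name="local-cron" type="omfile" '
            'FileCreateMode="0600" fileOwner="root" fileGroup="root" '
            'File="/var/log/cron")\n')
LEGACY_CONF = "*.info;cron.none  /var/log/messages\ncron.*  /var/log/cron\n"
COMMENTED = "#" + REPORTED

if __name__ == "__main__":
    for name, conf in [("reported", REPORTED), ("legacy", LEGACY_CONF),
                       ("commented", COMMENTED)]:
        print(name, cron_logging_ok(conf), cron_log_targets(conf))
```

Commented-out rules and actions of a type other than omfile are not counted, so a forwarding-only cron rule does not satisfy the check.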

