Description of problem: Latest scap-security-guide 0.1.66, the rainer syntax is still not fully supported yet. The SCAP rule xccdf_org.ssgproject.content_rule_rsyslog_cron_logging is not accepting the following rainer syntax line: ~~~ cron.* action(name="local-cron" type="omfile" FileCreateMode="0600" fileOwner="root" fileGroup="root" File="/var/log/cron") ~~~ Version-Release number of selected component (if applicable): 0.1.66-2.el8_7.noarch How reproducible: - Configure rainier syntax for collecting cron logs. # vi /etc/rsyslog.conf cron.* action(name="local-cron" type="omfile" FileCreateMode="0600" fileOwner="root" fileGroup="root" File="/var/log/cron") Steps to Reproduce: 1. Replace legacy configuration for cron logs with Rainier script syntax # vi /etc/rsyslog.conf 2. Restart rsyslog to load changes. 3. Scan the system for SCAP rule : xccdf_org.ssgproject.content_rule_rsyslog_cron_logging Actual results: The rainier syntax is not validated Expected results: The rainier syntax for cron log configuration should be validated. Additional info: Similarly, netstreamdriver parameters should be validated if configured in rainier syntax. Following rules are impacted. - xccdf_org.ssgproject.content_rule_rsyslog_cron_logging - xccdf_org.ssgproject.content_rule_rsyslog_encrypt_offload_actionsendstreamdriverauthmode - xccdf_org.ssgproject.content_rule_rsyslog_encrypt_offload_actionsendstreamdrivermode - xccdf_org.ssgproject.content_rule_rsyslog_encrypt_offload_defaultnetstreamdriver