Hi Ray,
----- Original Message -----
From: "Ray V CTR USARMY ARL Shaw (US)" <ray.v.shaw.ctr(a)mail.mil>
To: "SCAP Security Guide" <scap-security-guide(a)lists.fedorahosted.org>
Sent: Friday, June 20, 2014 2:57:55 PM
Subject: RE: [PATCH] [RHEL/6, RHEL/7, shared] Replace rsyslog_files_permissions OVAL unknown test stub with actual check implementation (UNCLASSIFIED)
Classification: UNCLASSIFIED
Caveats: NONE
Should it also search /etc/rsyslog.d/*.conf? It's possible that additional
files could be specified there.

Right, good catch. Not just /etc/rsyslog.d/*.conf, but whatever file / directory path
is (possibly) specified after the $IncludeConfig directive (under the assumption it's not
commented out):
http://www.rsyslog.com/doc/rsconf1_includeconfig.html
Will come with another patch.

[There are a couple of rules I've been wanting to add this to, but have
unfortunately not been able to make time at work.]

That's another good point (check rules that might be recursively nesting settings
/ other config files for their proper work. Will review the current content for
cases like this).

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
--
Ray Shaw (Contractor, STG)
Army Research Laboratory
CIO, Unix Support
> -----Original Message-----
> From: scap-security-guide-bounces(a)lists.fedorahosted.org [mailto:scap-security-guide-bounces(a)lists.fedorahosted.org] On Behalf Of Jan Lieskovsky
> Sent: Friday, June 20, 2014 5:51 AM
> To: SCAP Security Guide
> Subject: [PATCH] [RHEL/6, RHEL/7, shared] Replace rsyslog_files_permissions OVAL unknown test stub with actual check implementation
>
>
> The proposed patch replaces rsyslog_files_permissions OVAL unknown test
> stub with actual check implementation.
>
> The check:
> * first searches /etc/rsyslog.conf for (uncommented) presence of /var/log/*
>   log files paths and stores these paths into list,
> * then selects just file objects (from all the system ones) having path matching
>   some of the selected ones,
> * lastly compares (via file object state) if the permissions are 0600 or stronger.
>
> The change has been tested on both, RHEL-6 & RHEL-7 & seems to work
> properly (=> update the test_attestations, created links & moved the
> test to shared within the patch proposal too).
>
> Please review.
>
> Thank you && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Technologies Team
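
Added example, not part of this thread, the patch, or SCAP Security Guide: the three-step check described above, written in Python rather than OVAL and extended to follow uncommented $IncludeConfig directives as raised in the reply. It assumes legacy "selector action" rule syntax; the function names and the root prefix parameter (used to run against a constructed directory tree) are hypothetical.

```python
import glob
import os
import re
import stat

INCLUDE_RE = re.compile(r"^\s*\$IncludeConfig\s+(\S+)")
# Legacy-format rule: "<selector> [-]/var/log/<file>" on an uncommented line.
LOG_RE = re.compile(r"^\s*[^#\s]\S*\s+-?(/var/log/\S+)")


def collect_log_paths(conf, root="", seen=None):
    """Return /var/log/* paths named in conf and in every file it includes."""
    seen = set() if seen is None else seen
    real = os.path.realpath(root + conf)
    if real in seen or not os.path.isfile(real):
        return set()          # already visited (include loop) or not a file
    seen.add(real)
    paths = set()
    with open(real, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            inc = INCLUDE_RE.match(line)
            if inc:
                target = inc.group(1)
                if os.path.isdir(root + target):   # directory: take all files
                    target = os.path.join(target, "*")
                for hit in sorted(glob.glob(root + target)):
                    paths |= collect_log_paths(hit[len(root):], root, seen)
                continue
            rule = LOG_RE.match(line)
            if rule:
                paths.add(rule.group(1))
    return paths


def too_permissive(conf="/etc/rsyslog.conf", root=""):
    """Map each existing log file that has bits beyond 0600 to its mode."""
    bad = {}
    for path in sorted(collect_log_paths(conf, root)):
        try:
            mode = stat.S_IMODE(os.stat(root + path).st_mode)
        except FileNotFoundError:
            continue          # rule names a file that does not exist yet
        if mode & ~0o600:     # any bit outside owner read/write fails
            bad[path] = oct(mode)
    return bad
```

Calling too_permissive() with no arguments checks the live /etc/rsyslog.conf; an empty result means every referenced log file is 0600 or stricter.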