Re: [Open-scap] syslog-ng setting issue in debian 8

Wed, 29 Aug 2018 02:21:36 -0700 

On 29/08/18 11:05, Dhanushka Parakrama wrote:

Hi  Team


Hello Dhanushka,

What version of SSG are you using?

This looks like a bug on 0.1.40 release, the package and service names 
used in bash remediation for syslog-ng are different than your commands, 
we use "syslogng" for package and service name.


Would you be willing to propose a fix for that?
These are the files that would need to be changed:
https://github.com/OpenSCAP/scap-security-guide/blob/master/debian8/templates/csv/packages_installed.csv
https://github.com/OpenSCAP/scap-security-guide/blob/master/debian8/templates/csv/services_enabled.csv



We have ran the scan for debian 8 using below command


*oscap  xccdf eval   --profile 
xccdf_org.ssgproject.content_profile_anssi_np_nt28_high --report 
report.html  ssg-debian8-ds.xml*


Got alerts as below ,
==============
image.png


To Fixed it we ran the below commands as suggested by the report

* apt-get install syslog-ng-core

* systemctl status syslog-ng

● syslog-ng.service - System Logger Daemon
   Loaded: loaded (/lib/systemd/system/syslog-ng.service; enabled)
   Active: active (running) since Tue 2018-08-28 15:04:28 IST; 23h ago
     Docs: man:syslog-ng(8)

  Process: 16275 ExecReload=/bin/kill -HUP $MAINPID (code=exited, 
status=0/SUCCESS)

 Main PID: 14555 (syslog-ng)
   CGroup: /system.slice/syslog-ng.service
           └─14555 /usr/sbin/syslog-ng -F

Aug 28 15:04:28 oscapserver systemd[1]: Starting System Logger Daemon...
Aug 28 15:04:28 oscapserver systemd[1]: Started System Logger Daemon.
Aug 29 06:25:03 oscapserver systemd[1]: Reloading System Logger Daemon.
Aug 29 06:25:03 oscapserver systemd[1]: Reloaded System Logger Daemon.


But even after we ran the scan after fixing it  Report still shows as

Ensure syslog-ng is installed -> FAILED
Ensure Syslog-ng Service ->  FAILED


Is there any reason for that ?


_______________________________________________
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list



--
Watson Sato
Security Technologies | Red Hat, Inc


_______________________________________________
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list





















					Reply via email to