On 29/08/18 11:05, Dhanushka Parakrama wrote:
Hi Team
Hello Dhanushka,
What version of SSG are you using?
This looks like a bug in the 0.1.40 release: the package and service names
used in the bash remediation for syslog-ng are different from your commands;
we use "syslogng" for the package and service name.
Would you be willing to propose a fix for that?
These are the files that would need to be changed:
https://github.com/OpenSCAP/scap-security-guide/blob/master/debian8/templates/csv/packages_installed.csv
https://github.com/OpenSCAP/scap-security-guide/blob/master/debian8/templates/csv/services_enabled.csv
We have run the scan for Debian 8 using the below command:
oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_anssi_np_nt28_high --report report.html ssg-debian8-ds.xml
Got alerts as below:
[image.png]
To fix it, we ran the below commands as suggested by the report:
* apt-get install syslog-ng-core
* systemctl status syslog-ng
● syslog-ng.service - System Logger Daemon
   Loaded: loaded (/lib/systemd/system/syslog-ng.service; enabled)
   Active: active (running) since Tue 2018-08-28 15:04:28 IST; 23h ago
     Docs: man:syslog-ng(8)
  Process: 16275 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
 Main PID: 14555 (syslog-ng)
   CGroup: /system.slice/syslog-ng.service
           └─14555 /usr/sbin/syslog-ng -F
Aug 28 15:04:28 oscapserver systemd[1]: Starting System Logger Daemon...
Aug 28 15:04:28 oscapserver systemd[1]: Started System Logger Daemon.
Aug 29 06:25:03 oscapserver systemd[1]: Reloading System Logger Daemon.
Aug 29 06:25:03 oscapserver systemd[1]: Reloaded System Logger Daemon.
But even after we ran the scan after fixing it, the report still shows:
Ensure syslog-ng is installed -> FAILED
Ensure Syslog-ng Service -> FAILED
Is there any reason for that?
_______________________________________________
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list
--
Watson Sato
Security Technologies | Red Hat, Inc