Classification: UNCLASSIFIED Caveats: NONE Should it also search /etc/rsyslog.d/*.conf? It's possible that additional files could be specified there.
[There are a couple of rules I've been wanting to add this to, but have unfortunately not been able to make time at work.] -- Ray Shaw (Contractor, STG) Army Research Laboratory CIO, Unix Support > -----Original Message----- > From: [email protected] [mailto:scap- > [email protected]] On Behalf Of Jan > Lieskovsky > Sent: Friday, June 20, 2014 5:51 AM > To: SCAP Security Guide > Subject: [PATCH] [RHEL/6, RHEL/7, shared] Replace > rsyslog_files_permissions OVAL unknown test stub with actual check > implementation > > > The proposed patch replaces rsyslog_files_permissions OVAL unknown test > stub with actual check implementation. > > The check: > * first searches /etc/rsyslog.conf for (uncommented) presence of > /var/log/* > log files paths and stores these paths into list, > * then selects just file objects (from all the system ones) having path > matching > some of the selected ones, > * lastly compares (via file object state) if the permissions are 0600 > or stronger. > > The change has been tested on both, RHEL-6 & RHEL-7 & seems to work > properly (=> update the test_attestations, created links & moved the > test to shared within the patch proposal too). > > Please review. > > Thank you && Regards, Jan. > -- > Jan iankko Lieskovsky / Red Hat Security Technologies Team Classification: UNCLASSIFIED Caveats: NONE
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
