Hah, that one is funny :) Good catch, Dhanushka. Basically, what these rules are trying to achieve is to have logging on your system. So either of those is enough to fulfill that.

If you don't mind, could you create a PR removing one of the pairs from the profile [1]? I am not a Debian user, so I don't know which one is default/recommended. It should be in line with the OS recommendation. Just beware - if the recommended syslog is syslog-ng, then it's probably appropriate to also remove all rsyslog-related rules in other ANSSI levels (I have seen some in `average`).

Thanks,
Marek

[1] https://github.com/OpenSCAP/scap-security-guide/blob/master/debian8/profiles/


On 08/29/2018 07:22 PM, Dhanushka Parakrama wrote:
Hi Team,

When I'm using the *xccdf_org.ssgproject.content_profile_anssi_np_nt28_high* profile in Debian 8 *ssg-debian8-ds.xml*
in version scap-security-guide-0.1.40,

it says:

Title   Ensure syslog-ng is Installed
Rule    xccdf_org.ssgproject.content_rule_package_syslogng_installed
Result  fail

Title   Enable syslog-ng Service
Rule    xccdf_org.ssgproject.content_rule_service_syslogng_enabled
Result  fail

Title   Ensure rsyslog is Installed
Rule    xccdf_org.ssgproject.content_rule_package_rsyslog_installed
Result  fail

Title   Enable rsyslog Service
Rule    xccdf_org.ssgproject.content_rule_service_rsyslog_enabled
Result  fail


But when I'm installing rsyslog, the Debian 8 system automatically removes the syslog-ng package, and vice versa. So one of the conditions will always fail.

Please see the below screenshot

image.png




_______________________________________________
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list
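
The point made in the reply above, that either syslog implementation is enough, as an added example that is not part of the thread or of scap-security-guide: it parses Title/Rule/Result output in the form quoted in the thread and treats the rsyslog and syslog-ng rule pairs as alternatives. The rule IDs are the ones quoted in the thread; the sample results and all function names are constructed for illustration.

```python
import re

PREFIX = "xccdf_org.ssgproject.content_rule_"
# Display name -> tag used in the rule IDs quoted in the thread.
RULE_TAGS = {"rsyslog": "rsyslog", "syslog-ng": "syslogng"}

def rules_for(tag):
    """The 'installed' and 'enabled' rule IDs for one syslog implementation."""
    return (f"{PREFIX}package_{tag}_installed", f"{PREFIX}service_{tag}_enabled")

def parse_results(report):
    """Map rule ID -> result from Title/Rule/Result text blocks."""
    results, rule = {}, None
    for line in report.splitlines():
        m = re.match(r"\s*(Rule|Result)\s+(\S+)", line)
        if m and m.group(1) == "Rule":
            rule = m.group(2)
        elif m and rule is not None:
            results[rule] = m.group(2)
            rule = None
    return results

def logging_requirement(results):
    """Satisfied when any one implementation passes both of its rules."""
    ok = [name for name, tag in RULE_TAGS.items()
          if all(results.get(r) == "pass" for r in rules_for(tag))]
    return bool(ok), ok

# Constructed sample: a host running rsyslog, so the syslog-ng pair fails.
SAMPLE = """\
Title   Ensure syslog-ng is Installed
Rule    xccdf_org.ssgproject.content_rule_package_syslogng_installed
Result  fail
Title   Enable syslog-ng Service
Rule    xccdf_org.ssgproject.content_rule_service_syslogng_enabled
Result  fail
Title   Ensure rsyslog is Installed
Rule    xccdf_org.ssgproject.content_rule_package_rsyslog_installed
Result  pass
Title   Enable rsyslog Service
Rule    xccdf_org.ssgproject.content_rule_service_rsyslog_enabled
Result  pass
"""

if __name__ == "__main__":
    print(logging_requirement(parse_results(SAMPLE)))
```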