-
Notifications
You must be signed in to change notification settings - Fork 709
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add new rule logging_services_active
Checks that one of rsyslog/systemd-journald is active. Satisfies Ubuntu 24.04 CIS control 6.1.1.4
- Loading branch information
Showing
7 changed files
with
95 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
47 changes: 47 additions & 0 deletions
47
linux_os/guide/system/logging/logging_services_active/oval/shared.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| <def-group> | ||
| <!-- Check that one logging service is active --> | ||
| <definition class="compliance" id="{{{ rule_id }}}" version="1"> | ||
| {{{ oval_metadata("Ensure one logging service is in use") }}} | ||
| <criteria> | ||
| <criterion comment="one logging service is active" | ||
| test_ref="test_{{{ rule_id }}}_single_active_logging_service"/> | ||
| </criteria> | ||
| </definition> | ||
|
|
||
| <!-- Objects and states to identify active logging_service services --> | ||
| <linux:systemdunitproperty_object id="obj_{{{ rule_id }}}_logging_services" version="1" | ||
| comment="All active logging_service services"> | ||
| <linux:unit operation="pattern match">^(rsyslog|systemd-journald).service$</linux:unit> | ||
| <linux:property>ActiveState</linux:property> | ||
| <filter action="include">ste_{{{ rule_id }}}_logging_services</filter> | ||
| </linux:systemdunitproperty_object> | ||
|
|
||
| <linux:systemdunitproperty_state id="ste_{{{ rule_id }}}_logging_services" version="1"> | ||
| <linux:value>active</linux:value> | ||
| </linux:systemdunitproperty_state> | ||
|
|
||
| <!-- Count active logging_service services --> | ||
| <local_variable id="var_{{{ rule_id }}}_logging_service_active_count" datatype="int" version="1" | ||
| comment="Number of currently active logging_service services"> | ||
| <count> | ||
| <regex_capture pattern="^active$"> | ||
| <object_component item_field="value" object_ref="obj_{{{ rule_id }}}_logging_services"/> | ||
| </regex_capture> | ||
| </count> | ||
| </local_variable> | ||
|
|
||
| <!-- Test that count is at least one --> | ||
| <ind:variable_test id="test_{{{ rule_id }}}_single_active_logging_service" version="1" check="all" | ||
| comment="Verify one logging_service service is active"> | ||
| <ind:object object_ref="obj_{{{ rule_id }}}_count"/> | ||
| <ind:state state_ref="ste_{{{ rule_id }}}_count"/> | ||
| </ind:variable_test> | ||
|
|
||
| <ind:variable_object id="obj_{{{ rule_id }}}_count" version="1"> | ||
| <ind:var_ref>var_{{{ rule_id }}}_logging_service_active_count</ind:var_ref> | ||
| </ind:variable_object> | ||
|
|
||
| <ind:variable_state id="ste_{{{ rule_id }}}_count" version="1"> | ||
| <ind:value operation="greater than or equal" datatype="int">1</ind:value> | ||
| </ind:variable_state> | ||
| </def-group> |
23 changes: 23 additions & 0 deletions
23
linux_os/guide/system/logging/logging_services_active/rule.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| documentation_complete: true | ||
|
|
||
| title: 'Ensure One Logging Service Is In Use' | ||
|
|
||
| description: |- | ||
| Ensure that a logging system is active and in use. | ||
| <pre> | ||
| systemctl is-active rsyslog systemd-journald | ||
| </pre> | ||
| The command should return at least one <tt>active</tt>. | ||
| rationale: |- | ||
| The system should have one active logging service to avoid conflicts | ||
| and ensure consistency. | ||
| severity: medium | ||
|
|
||
| platform: machine | ||
|
|
||
| warnings: | ||
| - general: |- | ||
| This rule does not come with a remediation. There are specific rules | ||
| for enabling each logging service which should be enabled instead. |
8 changes: 8 additions & 0 deletions
8
linux_os/guide/system/logging/logging_services_active/tests/journald.pass.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| #!?bin/bash | ||
| # | ||
| # packages = rsyslog | ||
| # remediation = none | ||
|
|
||
| systemctl stop syslog* | ||
| systemctl stop rsyslog* | ||
| systemctl start systemd-journald |
7 changes: 7 additions & 0 deletions
7
linux_os/guide/system/logging/logging_services_active/tests/multiple.pass.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| #!?bin/bash | ||
| # | ||
| # packages = rsyslog | ||
| # remediation = none | ||
|
|
||
| systemctl start rsyslog | ||
| systemctl start systemd-journald |
8 changes: 8 additions & 0 deletions
8
linux_os/guide/system/logging/logging_services_active/tests/none.fail.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| #!?bin/bash | ||
| # | ||
| # packages = rsyslog | ||
| # remediation = none | ||
|
|
||
| systemctl stop systemd-journald* | ||
| systemctl stop syslog* | ||
| systemctl stop rsyslog* |