Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix rsyslog_remote_tls Remediations #9711

Merged
merged 3 commits into from
Oct 20, 2022
Merged

Fix rsyslog_remote_tls Remediations #9711

merged 3 commits into from
Oct 20, 2022

Conversation

Mab879
Copy link
Member

@Mab879 Mab879 commented Oct 19, 2022

Description:

Fix the Ansible and bash remediations for rsyslog_remote_tls.

Rationale:

Closes #9631
Closes #9623

Mab879 added 2 commits October 19, 2022 14:42
@Mab879
Ignore errors on rsyslog_remote_tls Ansible
0d70964
@Mab879
Update bash remedation for rsyslog_remote_tls
90b7d54 
Ensure that action is at the start of the line
helps to reduce false positive findings.
@Mab879 Mab879 added Ansible Ansible remediation update. Bash Bash remediation update. Update Rule Issues or pull requests related to Rules updates. labels Oct 19, 2022
@Mab879 Mab879 added this to the 0.1.65 milestone Oct 19, 2022
@Mab879 Mab879 mentioned this pull request Oct 19, 2022
Closed
@github-actions
Copy link

Start a new ephemeral environment with changes proposed in this pull request:

rhel8 (from CTF) Environment (using Fedora as testing environment)
Open in Gitpod

Fedora Testing Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

@Mab879 Mab879 changed the title Fix rsyslog_remote_tls Fix rsyslog_remote_tls Remediations Oct 19, 2022
@github-actions
Copy link

This datastream diff is auto generated by the check Compare DS/Generate Diff

Click here to see the full diff 
bash remediation for rule 'xccdf_org.ssgproject.content_rule_rsyslog_remote_tls' differs.
--- xccdf_org.ssgproject.content_rule_rsyslog_remote_tls
+++ xccdf_org.ssgproject.content_rule_rsyslog_remote_tls
@@ -5,7 +5,7 @@
 
 
 # Get omfwd configuration directive
-OMFWD_CONFIG_OUTPUT=`grep -Pzo '(?s)action\s*\(\s*type\s*=\s*"omfwd".*\)' /etc/rsyslog.conf /etc/rsyslog.d/*.conf`
+OMFWD_CONFIG_OUTPUT=`grep -Pzo '^(?s)action\s*\(\s*type\s*=\s*"omfwd".*\)' /etc/rsyslog.conf /etc/rsyslog.d/*.conf`
 OMFWD_CONFIG=`echo "$OMFWD_CONFIG_OUTPUT"| awk 'BEGIN {FS=":"; RS=")\n"}; {print $2}'`
 OMFWD_CONFIG_FILE=`echo "$OMFWD_CONFIG_OUTPUT"| awk 'BEGIN {FS=":"; RS=")\n"}; {print $1}'`
 if ! [ -z "$OMFWD_CONFIG" ]; then

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_rsyslog_remote_tls' differs.
--- xccdf_org.ssgproject.content_rule_rsyslog_remote_tls
+++ xccdf_org.ssgproject.content_rule_rsyslog_remote_tls
@@ -5,7 +5,8 @@
 - always
 
 - name: Get omfwd configuration directive
- shell: sed -e '/action\s*(\s*type\s*=\s*"omfwd"/,/)/!d' /etc/rsyslog.conf /etc/rsyslog.d/*.conf
+ shell: sed -e '/^action\s*(\s*type\s*=\s*"omfwd"/,/)/!d' /etc/rsyslog.conf /etc/rsyslog.d/*.conf
+ || true
 register: include_omfwd_config_output
 when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:

@codeclimate
Copy link

codeclimate bot commented Oct 19, 2022

Code Climate has analyzed commit 85659bd and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 41.0% (0.0% change).

View more on Code Climate.

@jan-cerny jan-cerny self-assigned this Oct 20, 2022
jan-cerny
jan-cerny approved these changes Oct 20, 2022
View reviewed changes
Copy link
Collaborator

@jan-cerny jan-cerny left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have confirmed that it fixed #9631 on a RHEL 9.0 virtual machine

In the following paste, the ds-broken is built from a45b876 and ds-fixed is build from this PR.

[root@localhost ~]# oscap xccdf eval --remediate --rule xccdf_org.ssgproject.content_rule_rsyslog_remote_tls ds-broken.xml 
WARNING: Datastream component 'scap_org.open-scap_cref_security-data-oval-com.redhat.rhsa-RHEL9.xml.bz2' points out to the remote 'https://access.redhat.com/security/data/oval/com.redhat.rhsa-RHEL9.xml.bz2'. Use '--fetch-remote-resources' option to download it.
WARNING: Skipping 'https://access.redhat.com/security/data/oval/com.redhat.rhsa-RHEL9.xml.bz2' file which is referenced from datastream
WARNING: Skipping ./security-data-oval-com.redhat.rhsa-RHEL9.xml.bz2 file which is referenced from XCCDF content
--- Starting Evaluation ---

Title   Configure TLS for rsyslog remote logging
Rule    xccdf_org.ssgproject.content_rule_rsyslog_remote_tls
Ident   CCE-83991-0
Result  fail


--- Starting Remediation ---

WARNING: Skipping ./security-data-oval-com.redhat.rhsa-RHEL9.xml.bz2 file which is referenced from XCCDF content
Title   Configure TLS for rsyslog remote logging
Rule    xccdf_org.ssgproject.content_rule_rsyslog_remote_tls
Ident   CCE-83991-0
Result  error


[root@localhost ~]# oscap xccdf eval --remediate --rule xccdf_org.ssgproject.content_rule_rsyslog_remote_tls ds-fixed.xml 
WARNING: Datastream component 'scap_org.open-scap_cref_security-data-oval-com.redhat.rhsa-RHEL9.xml.bz2' points out to the remote 'https://access.redhat.com/security/data/oval/com.redhat.rhsa-RHEL9.xml.bz2'. Use '--fetch-remote-resources' option to download it.
WARNING: Skipping 'https://access.redhat.com/security/data/oval/com.redhat.rhsa-RHEL9.xml.bz2' file which is referenced from datastream
WARNING: Skipping ./security-data-oval-com.redhat.rhsa-RHEL9.xml.bz2 file which is referenced from XCCDF content
--- Starting Evaluation ---

Title   Configure TLS for rsyslog remote logging
Rule    xccdf_org.ssgproject.content_rule_rsyslog_remote_tls
Ident   CCE-83991-0
Result  fail


--- Starting Remediation ---

WARNING: Skipping ./security-data-oval-com.redhat.rhsa-RHEL9.xml.bz2 file which is referenced from XCCDF content
Title   Configure TLS for rsyslog remote logging
Rule    xccdf_org.ssgproject.content_rule_rsyslog_remote_tls
Ident   CCE-83991-0
Result  fixed

[root@localhost ~]# oscap xccdf eval --rule xccdf_org.ssgproject.content_rule_rsyslog_remote_tls ds-fixed.xml 
WARNING: Datastream component 'scap_org.open-scap_cref_security-data-oval-com.redhat.rhsa-RHEL9.xml.bz2' points out to the remote 'https://access.redhat.com/security/data/oval/com.redhat.rhsa-RHEL9.xml.bz2'. Use '--fetch-remote-resources' option to download it.
WARNING: Skipping 'https://access.redhat.com/security/data/oval/com.redhat.rhsa-RHEL9.xml.bz2' file which is referenced from datastream
WARNING: Skipping ./security-data-oval-com.redhat.rhsa-RHEL9.xml.bz2 file which is referenced from XCCDF content
--- Starting Evaluation ---

Title   Configure TLS for rsyslog remote logging
Rule    xccdf_org.ssgproject.content_rule_rsyslog_remote_tls
Ident   CCE-83991-0
Result  pass

@jan-cerny jan-cerny merged commit 22ce78e into ComplianceAsCode:master Oct 20, 2022
@Mab879 Mab879 deleted the fix_rsyslog_tls branch October 20, 2022 12:16
@jan-cerny jan-cerny mentioned this pull request Oct 24, 2022
Closed
@marcusburghardt marcusburghardt mentioned this pull request Nov 1, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jan-cerny jan-cerny jan-cerny approved these changes

Assignees

@jan-cerny jan-cerny

Labels
Ansible Ansible remediation update. Bash Bash remediation update. Update Rule Issues or pull requests related to Rules updates.
Projects
None yet
Milestone
0.1.65
2 participants
@Mab879 @jan-cerny