Describe the Issue
RHEL-08-030650 does not check/add a line for rsyslogd
Expected Behavior
From STIG Guide:
Check Text: Verify that Advanced Intrusion Detection Environment (AIDE) is properly configured to use cryptographic mechanisms to protect the integrity of audit tools.
If AIDE is not installed, ask the System Administrator how file integrity checks are performed on the system.
Check the selection lines to ensure AIDE is configured to add/check with the following command:
$ sudo egrep '(/usr/sbin/(audit|au))' /etc/aide.conf
/usr/sbin/auditctl p+i+n+u+g+s+b+acl+xattrs+sha512
/usr/sbin/auditd p+i+n+u+g+s+b+acl+xattrs+sha512
/usr/sbin/ausearch p+i+n+u+g+s+b+acl+xattrs+sha512
/usr/sbin/aureport p+i+n+u+g+s+b+acl+xattrs+sha512
/usr/sbin/autrace p+i+n+u+g+s+b+acl+xattrs+sha512
/usr/sbin/rsyslogd p+i+n+u+g+s+b+acl+xattrs+sha512
/usr/sbin/augenrules p+i+n+u+g+s+b+acl+xattrs+sha512
If any of the audit tools listed above do not have an appropriate selection line, ask the system administrator to indicate what cryptographic mechanisms are being used to protect the integrity of the audit tools. If there is no evidence of integrity protection, this is a finding.
Actual Behavior
/usr/sbin/rsyslogd p+i+n+u+g+s+b+acl+xattrs+sha512
is missing
instead
usr/sbin/audisp-remote p+i+n+u+g+s+b+acl+xattrs+sha512
and
usr/sbin/audisp-syslog p+i+n+u+g+s+b+acl+xattrs+sha512
are added but not required by the STIG guide
Control(s) Affected
RHEL-08-030650
Environment (please complete the following information):
does not matter
Additional Notes
Not sure if it makes sense to keep these, since there is no reference in the STIG Guide about these items:
/usr/sbin/audisp-remote
and
/usr/sbin/audisp-syslog
Possible Solution
vitecde@be21bff
If you prefer a pull request, please let me know; since you are in progress working on a new V1R3 branch, I'm not sure.
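Added example, not part of the original issue or the role's code: a shell check that compares an aide.conf against the seven paths listed in the check text and prints any that lack a selection line with sha512. It matches full paths rather than reusing the quoted egrep pattern, which only matches paths starting with /usr/sbin/au and so cannot show an rsyslogd line. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the role's code): list audit tools from the RHEL-08-030650
# check text that have no AIDE selection line carrying sha512.

# Paths copied from the check text quoted in the issue.
STIG_AUDIT_TOOLS="/usr/sbin/auditctl /usr/sbin/auditd /usr/sbin/ausearch
/usr/sbin/aureport /usr/sbin/autrace /usr/sbin/rsyslogd /usr/sbin/augenrules"

# missing_audit_tools CONF
# Prints every required path without a matching line; returns 1 if any is missing.
# Assumption: attributes are written inline (p+i+...+sha512), as in the STIG text;
# a line that uses a named AIDE group instead is reported as missing.
missing_audit_tools() {
    _conf=$1
    _rc=0
    for _tool in $STIG_AUDIT_TOOLS; do
        # Field 1 must equal the full path, so comments and paths without the
        # leading slash do not count; sha512 must be one of the '+' attributes.
        if ! awk -v t="$_tool" '
            $1 == t { n = split($2, a, "+")
                      for (i = 1; i <= n; i++) if (a[i] == "sha512") ok = 1 }
            END { exit !ok }' "$_conf"; then
            printf '%s\n' "$_tool"
            _rc=1
        fi
    done
    return $_rc
}

# write_sample_conf PATH: constructed aide.conf fragment mirroring the
# "Actual Behavior" in the issue (rsyslogd absent, audisp-* present).
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real host
/usr/sbin/auditctl p+i+n+u+g+s+b+acl+xattrs+sha512
/usr/sbin/auditd p+i+n+u+g+s+b+acl+xattrs+sha512
/usr/sbin/ausearch p+i+n+u+g+s+b+acl+xattrs+sha512
/usr/sbin/aureport p+i+n+u+g+s+b+acl+xattrs+sha512
/usr/sbin/autrace p+i+n+u+g+s+b+acl+xattrs+sha512
/usr/sbin/augenrules p+i+n+u+g+s+b+acl+xattrs+sha512
/usr/sbin/audisp-remote p+i+n+u+g+s+b+acl+xattrs+sha512
/usr/sbin/audisp-syslog p+i+n+u+g+s+b+acl+xattrs+sha512
EOF
}

# With a path argument, check that file; with none, only the functions are defined.
if [ -n "${1:-}" ]; then
    missing_audit_tools "$1" || echo "finding: selection line(s) missing" >&2
fi
```

On the constructed sample the function prints only /usr/sbin/rsyslogd, which is the gap the issue reports.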