From ef1df6e73d2853993f2b3e4e39bcf227be8ce658 Mon Sep 17 00:00:00 2001
From: Marius Niculescu
Date: Tue, 18 Jun 2024 15:31:11 -0700
Subject: [PATCH] Stabilizing ASB v2's auditEnsureLoggingIsConfigured and remediateEnsureLoggingIsConfigured (#726)
---
 src/common/asb/Asb.c | 11 ++++++-----
 src/modules/test/main.c | 1 -
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/common/asb/Asb.c b/src/common/asb/Asb.c
index a7ab5948..fa5d64ee 100644
--- a/src/common/asb/Asb.c
+++ b/src/common/asb/Asb.c
@@ -1669,10 +1669,11 @@ static char* AuditEnsureAllBootloadersHavePasswordProtectionEnabled(void* log)
 static char* AuditEnsureLoggingIsConfigured(void* log)
 {
 char* reason = NULL;
- RETURN_REASON_IF_NOT_ZERO(CheckFileExists("/var/log/syslog", &reason, log));
- RETURN_REASON_IF_NOT_ZERO(CheckDaemonActive(g_syslog, &reason, log) ? 0 : ENOENT);
- RETURN_REASON_IF_NOT_ZERO(CheckDaemonNotActive(g_rsyslog, &reason, log) ? 0 : ENOENT);
- CheckDaemonActive(g_syslogNg, &reason, log);
+ RETURN_REASON_IF_NOT_ZERO(CheckPackageInstalled(g_systemd, &reason, log));
+ RETURN_REASON_IF_NOT_ZERO(CheckDaemonActive(g_systemdJournald, &reason, log) ? 0 : ENOENT);
+ RETURN_REASON_IF_ZERO(((0 == CheckPackageInstalled(g_rsyslog, &reason, log)) && CheckDaemonActive(g_rsyslog, &reason, log)) ? 0 : ENOENT);
+ RETURN_REASON_IF_ZERO(((0 == CheckPackageInstalled(g_syslog, &reason, log)) && CheckDaemonActive(g_syslog, &reason, log)) ? 0 : ENOENT);
+ RETURN_REASON_IF_ZERO(((0 == CheckPackageInstalled(g_syslogNg, &reason, log)) && CheckDaemonActive(g_syslogNg, &reason, log)) ? 0 : ENOENT);
 return reason;
 }
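Review bot: When none of rsyslog, syslog or syslog-ng is both installed and active, the three `RETURN_REASON_IF_ZERO` lines all fall through to `return reason;`, so the audit verdict then rests on whatever text the last failed `CheckPackageInstalled`/`CheckDaemonActive` call left in `reason` (the macros and helpers are defined outside this hunk, so this is inferred from the names). The rule deserves a comment above those lines, for example `// Pass when systemd-journald is active and at least one of rsyslog, syslog or syslog-ng is installed and running; otherwise fall through with the last failure reason`. With the `/var/log/syslog` check removed, a pass now means only that the daemons are running, not that any log is actually being written or retained; the check's description should say so, so that a compliant result is not over-read as evidence of a working log pipeline.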
@@ -3218,7 +3219,7 @@ static int RemediateEnsureAllBootloadersHavePasswordProtectionEnabled(char* valu static int RemediateEnsureLoggingIsConfigured(char* value, void* log) { UNUSED(value); - return (((0 == InstallPackage(g_systemd, log) && ((0 == InstallPackage(g_rsyslog, log)) || + return (((0 == InstallPackage(g_systemd, log) && ((0 == InstallPackage(g_rsyslog, log)) || (0 == InstallPackage(g_syslog, log)))) || (0 == InstallPackage(g_syslogNg, log))) && (((0 == CheckPackageInstalled(g_systemd, NULL, log)) && EnableAndStartDaemon(g_systemdJournald, log))) && ((((0 == CheckPackageInstalled(g_rsyslog, NULL, log)) && EnableAndStartDaemon(g_rsyslog, log))) || diff --git a/src/modules/test/main.c b/src/modules/test/main.c index 8d895c5a..3323263b 100644 --- a/src/modules/test/main.c +++ b/src/modules/test/main.c @@ -391,7 +391,6 @@ int RunTestStep(const TEST_STEP* test, const MANAGEMENT_MODULE* module) // Following are temporarily disabled and they will be re-enabled and fixed one by one for all target distros "auditEnsureAuditdServiceIsRunning", "auditEnsurePermissionsOnEtcPasswdDash", - "auditEnsureLoggingIsConfigured", "auditEnsureSyslogRotaterServiceIsEnabled", "auditEnsureAuditdInstalled", "auditEnsureRemoteLoginWarningBannerIsConfigured",