Stabilizing ASB v2's auditEnsureLoggingIsConfigured and remediateEnsureLoggingIsConfigured (#726)

This commit is contained in:
Marius Niculescu 2024-06-18 15:31:11 -07:00 коммит произвёл GitHub
Родитель afe605d98c
Коммит ef1df6e73d
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: B5690EEEBB952194
2 изменённых файлов: 6 добавлений и 6 удалений

Просмотреть файл

@ -1669,10 +1669,11 @@ static char* AuditEnsureAllBootloadersHavePasswordProtectionEnabled(void* log)
static char* AuditEnsureLoggingIsConfigured(void* log)
{
char* reason = NULL;
RETURN_REASON_IF_NOT_ZERO(CheckFileExists("/var/log/syslog", &reason, log));
RETURN_REASON_IF_NOT_ZERO(CheckDaemonActive(g_syslog, &reason, log) ? 0 : ENOENT);
RETURN_REASON_IF_NOT_ZERO(CheckDaemonNotActive(g_rsyslog, &reason, log) ? 0 : ENOENT);
CheckDaemonActive(g_syslogNg, &reason, log);
RETURN_REASON_IF_NOT_ZERO(CheckPackageInstalled(g_systemd, &reason, log));
RETURN_REASON_IF_NOT_ZERO(CheckDaemonActive(g_systemdJournald, &reason, log) ? 0 : ENOENT);
RETURN_REASON_IF_ZERO(((0 == CheckPackageInstalled(g_rsyslog, &reason, log)) && CheckDaemonActive(g_rsyslog, &reason, log)) ? 0 : ENOENT);
RETURN_REASON_IF_ZERO(((0 == CheckPackageInstalled(g_syslog, &reason, log)) && CheckDaemonActive(g_syslog, &reason, log)) ? 0 : ENOENT);
RETURN_REASON_IF_ZERO(((0 == CheckPackageInstalled(g_syslogNg, &reason, log)) && CheckDaemonActive(g_syslogNg, &reason, log)) ? 0 : ENOENT);
return reason;
}
@ -3218,7 +3219,7 @@ static int RemediateEnsureAllBootloadersHavePasswordProtectionEnabled(char* valu
static int RemediateEnsureLoggingIsConfigured(char* value, void* log)
{
UNUSED(value);
return (((0 == InstallPackage(g_systemd, log) && ((0 == InstallPackage(g_rsyslog, log)) ||
return (((0 == InstallPackage(g_systemd, log) && ((0 == InstallPackage(g_rsyslog, log)) ||
(0 == InstallPackage(g_syslog, log)))) || (0 == InstallPackage(g_syslogNg, log))) &&
(((0 == CheckPackageInstalled(g_systemd, NULL, log)) && EnableAndStartDaemon(g_systemdJournald, log))) &&
((((0 == CheckPackageInstalled(g_rsyslog, NULL, log)) && EnableAndStartDaemon(g_rsyslog, log))) ||

Просмотреть файл

@ -391,7 +391,6 @@ int RunTestStep(const TEST_STEP* test, const MANAGEMENT_MODULE* module)
// Following are temporarily disabled and they will be re-enabled and fixed one by one for all target distros
"auditEnsureAuditdServiceIsRunning",
"auditEnsurePermissionsOnEtcPasswdDash",
"auditEnsureLoggingIsConfigured",
"auditEnsureSyslogRotaterServiceIsEnabled",
"auditEnsureAuditdInstalled",
"auditEnsureRemoteLoginWarningBannerIsConfigured",