Stabilizing ASB v2's auditEnsureSyslogRotaterServiceIsEnabled and remediateEnsureSyslogRotaterServiceIsEnabled (#729)
This commit is contained in:
Marius Niculescu
GitHub
Родитель
cd68ccb502
Коммит
f234891d09
|
|
@ -624,6 +624,12 @@ static char* g_desiredEnsureUsersDotFilesArentGroupOrWorldWritable = NULL;
|
|||
static char* g_desiredEnsureUnnecessaryAccountsAreRemoved = NULL;
|
||||
static char* g_desiredEnsureDefaultDenyFirewallPolicyIsSet = NULL;
|
||||
|
||||
static bool IsRedHatBased(void* log)
|
||||
{
|
||||
return (IsCurrentOs("Red Hat", log) || IsCurrentOs("CentOS", log) || IsCurrentOs("AlmaLinux", log) ||
|
||||
IsCurrentOs("Oracle Linux", log) || IsCurrentOs("Rocky Linux", log)) ? true : false;
|
||||
}
|
||||
|
||||
void AsbInitialize(void* log)
|
||||
{
|
||||
char* prettyName = NULL;
|
||||
|
|
@ -1778,8 +1784,11 @@ static char* AuditEnsureSyslogRotaterServiceIsEnabled(void* log)
|
|||
{
|
||||
char* reason = NULL;
|
||||
RETURN_REASON_IF_NOT_ZERO(CheckPackageInstalled(g_logrotate, &reason, log));
|
||||
RETURN_REASON_IF_NOT_ZERO(CheckFileExists(g_etcCronDailyLogRotate, &reason, log));
|
||||
CheckFileAccess(g_etcCronDailyLogRotate, 0, 0, 755, &reason, log);
|
||||
RETURN_REASON_IF_NOT_ZERO(CheckFileAccess(g_etcCronDailyLogRotate, 0, 0, 755, &reason, log));
|
||||
if (false == IsRedHatBased(log))
|
||||
{
|
||||
CheckDaemonActive(g_logrotateTimer, &reason, log);
|
||||
}
|
||||
return reason;
|
||||
}
|
||||
|
||||
|
|
@ -3354,9 +3363,17 @@ static int RemediateEnsureRsyslogNotAcceptingRemoteMessages(char* value, void* l
|
|||
|
||||
static int RemediateEnsureSyslogRotaterServiceIsEnabled(char* value, void* log)
|
||||
{
|
||||
int status = ENOENT;
|
||||
UNUSED(value);
|
||||
return ((0 == InstallPackage(g_logrotate, log)) && (0 == CheckFileExists(g_etcCronDailyLogRotate, NULL, log)) &&
|
||||
(0 == SetFileAccess(g_etcCronDailyLogRotate, 0, 0, 755, log)) && EnableAndStartDaemon(g_logrotateTimer, log)) ? 0 : ENOENT;
|
||||
if ((0 == InstallPackage(g_logrotate, log)) && (0 == SetFileAccess(g_etcCronDailyLogRotate, 0, 0, 755, log)))
|
||||
{
|
||||
status = 0;
|
||||
if (false == IsRedHatBased(log))
|
||||
{
|
||||
status = EnableAndStartDaemon(g_logrotateTimer, log) ? 0 : ENOENT;
|
||||
}
|
||||
}
|
||||
return status;
|
||||
}
|
||||
|
||||
static int RemediateEnsureTelnetServiceIsDisabled(char* value, void* log)
|
||||
|
|
|
|||
|
|
@ -390,14 +390,12 @@ int RunTestStep(const TEST_STEP* test, const MANAGEMENT_MODULE* module)
|
|||
"auditEnsureAllBootloadersHavePasswordProtectionEnabled",
|
||||
// Following are temporarily disabled and they will be re-enabled and fixed one by one for all target distros
|
||||
"auditEnsurePermissionsOnEtcPasswdDash",
|
||||
"auditEnsureSyslogRotaterServiceIsEnabled",
|
||||
"auditEnsureZeroconfNetworkingIsDisabled"
|
||||
};
|
||||
int numSkippedAudits = ARRAY_SIZE(skippedAudits);
|
||||
|
||||
const char* skippedRemediations[] = {
|
||||
// Following are temporarily disabled and they will be re-enabled and fixed one by one for all target distros
|
||||
"remediateEnsureSyslogRotaterServiceIsEnabled",
|
||||
"remediateEnsureZeroconfNetworkingIsDisabled"
|
||||
};
|
||||
int numSkippedRemediations = ARRAY_SIZE(skippedRemediations);
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче