Stabilizing ASB v2's auditEnsureSyslogRotaterServiceIsEnabled and remediateEnsureSyslogRotaterServiceIsEnabled (#729)

src/common/asb/Asb.c

@@ -624,6 +624,12 @@ static char* g_desiredEnsureUsersDotFilesArentGroupOrWorldWritable = NULL;
 static char* g_desiredEnsureUnnecessaryAccountsAreRemoved = NULL;
 static char* g_desiredEnsureDefaultDenyFirewallPolicyIsSet = NULL;
 
+static bool IsRedHatBased(void* log)
+{
+    return (IsCurrentOs("Red Hat", log) || IsCurrentOs("CentOS", log) || IsCurrentOs("AlmaLinux", log) ||
+        IsCurrentOs("Oracle Linux", log) || IsCurrentOs("Rocky Linux", log)) ? true : false;
+}
+
 void AsbInitialize(void* log)
 {
     char* prettyName = NULL;
@@ -1778,8 +1784,11 @@ static char* AuditEnsureSyslogRotaterServiceIsEnabled(void* log)
 {
     char* reason = NULL;
     RETURN_REASON_IF_NOT_ZERO(CheckPackageInstalled(g_logrotate, &reason, log));
-    RETURN_REASON_IF_NOT_ZERO(CheckFileExists(g_etcCronDailyLogRotate, &reason, log));
+    RETURN_REASON_IF_NOT_ZERO(CheckFileAccess(g_etcCronDailyLogRotate, 0, 0, 755, &reason, log));
-    CheckFileAccess(g_etcCronDailyLogRotate, 0, 0, 755, &reason, log);
+    if (false == IsRedHatBased(log))
+    {
+        CheckDaemonActive(g_logrotateTimer, &reason, log);
+    }
     return reason;
 }
 
@@ -3354,9 +3363,17 @@ static int RemediateEnsureRsyslogNotAcceptingRemoteMessages(char* value, void* l
 
 static int RemediateEnsureSyslogRotaterServiceIsEnabled(char* value, void* log)
 {
+    int status = ENOENT;
     UNUSED(value);
-    return ((0 == InstallPackage(g_logrotate, log)) && (0 == CheckFileExists(g_etcCronDailyLogRotate, NULL, log)) && 
+    if ((0 == InstallPackage(g_logrotate, log)) && (0 == SetFileAccess(g_etcCronDailyLogRotate, 0, 0, 755, log)))
-        (0 == SetFileAccess(g_etcCronDailyLogRotate, 0, 0, 755, log)) && EnableAndStartDaemon(g_logrotateTimer, log)) ? 0 : ENOENT;
+    {
+        status = 0;
+        if (false == IsRedHatBased(log))
+        {
+            status = EnableAndStartDaemon(g_logrotateTimer, log) ? 0 : ENOENT;
+        }
+    }
+    return status;
 }
 
 static int RemediateEnsureTelnetServiceIsDisabled(char* value, void* log)

src/modules/test/main.c

@@ -390,14 +390,12 @@ int RunTestStep(const TEST_STEP* test, const MANAGEMENT_MODULE* module)
         "auditEnsureAllBootloadersHavePasswordProtectionEnabled",
         // Following are temporarily disabled and they will be re-enabled and fixed one by one for all target distros
         "auditEnsurePermissionsOnEtcPasswdDash",
-        "auditEnsureSyslogRotaterServiceIsEnabled",
         "auditEnsureZeroconfNetworkingIsDisabled"
     };
     int numSkippedAudits = ARRAY_SIZE(skippedAudits);
 
     const char* skippedRemediations[] = {
         // Following are temporarily disabled and they will be re-enabled and fixed one by one for all target distros
-        "remediateEnsureSyslogRotaterServiceIsEnabled",
         "remediateEnsureZeroconfNetworkingIsDisabled"
     };
     int numSkippedRemediations = ARRAY_SIZE(skippedRemediations);