From a0b88da6bb5e4126d09116251c330e4fd9a928c3 Mon Sep 17 00:00:00 2001
From: Major Hayden
Date: Tue, 6 Dec 2016 10:34:53 -0600
Subject: [PATCH] Add checks for remote syslog [+Docs]

This patch adds a check for remote syslog configurations. Documentation is included.

Implements: blueprint security-rhel7-stig
Change-Id: I3e05aa30c0d1d838a7f604c6ca7cce27a4d0e86a
---
 doc/metadata/rhel7/RHEL-07-030770.rst |  7 +++++--
 tasks/rhel7stig/misc.yml              | 20 ++++++++++++++++++++
 2 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/doc/metadata/rhel7/RHEL-07-030770.rst b/doc/metadata/rhel7/RHEL-07-030770.rst
index 215e1c79..d4625155 100644
--- a/doc/metadata/rhel7/RHEL-07-030770.rst
+++ b/doc/metadata/rhel7/RHEL-07-030770.rst
@@ -1,7 +1,10 @@
 ---
 id: RHEL-07-030770
-status: not implemented
+status: verification only
 tag: misc
 ---
 
-This STIG requirement is not yet implemented.
+The tasks in the security role check for uncommented lines in the rsyslog
+configuration that contain ``@`` or ``@@``, which signifies that a remote
+logging configuration is in place. If these lines are not found, a warning
+message is printed in the Ansible output.
diff --git a/tasks/rhel7stig/misc.yml b/tasks/rhel7stig/misc.yml
index 4b76dc3d..459524b2 100644
--- a/tasks/rhel7stig/misc.yml
+++ b/tasks/rhel7stig/misc.yml
@@ -105,6 +105,26 @@
     - misc
     - RHEL-07-021270
 
+- name: Check if syslog output is being sent to another server
+  command: 'grep "^[^#].*@" /etc/rsyslog.conf'
+  register: rsyslog_transmit_check
+  changed_when: False
+  failed_when: False
+  check_mode: no
+  tags:
+    - always
+
+- name: RHEL-07-030770 - The system must send rsyslog output to a log aggregation server.
+  debug:
+    msg: Output from syslog must be sent to another server.
+  when:
+    - rsyslog_transmit_check is defined
+    - rsyslog_transmit_check.rc != 0
+  tags:
+    - medium
+    - misc
+    - RHEL-07-030770
+
 - name: Check if ClamAV is installed
   stat:
     path: /usr/bin/clamdscan
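Review bot: The grep on the new `command:` line treats an indented comment as live forwarding config and never looks beyond `/etc/rsyslog.conf`: `^[^#]` only excludes lines whose first character is `#`, so `  # @loghost` in a comment satisfies the check, while a host that forwards from a drop-in under `/etc/rsyslog.d/` (which the stock RHEL 7 `rsyslog.conf` usually pulls in via `$IncludeConfig`) gets the RHEL-07-030770 warning anyway. Skipping leading whitespace and searching the drop-in directory addresses both: `command: 'grep -rE "^[[:space:]]*[^#[:space:]].*@" /etc/rsyslog.conf /etc/rsyslog.d/'`. Since `failed_when: False` keeps a grep error from aborting the play, the `rc != 0` condition also fires on an absent or unreadable config (rc 2), which is the safe direction but worth stating above the task: `# rc 1 = no remote target found, rc 2 = config missing/unreadable; both warrant the warning`. The hunk also spells the same boolean three ways (`False`, `False`, `no`) on consecutive lines; `false` throughout reads consistently.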