Add checks for remote syslog [+Docs]
This patch adds a check for remote syslog configurations. Documentation is included.

Implements: blueprint security-rhel7-stig
Change-Id: I3e05aa30c0d1d838a7f604c6ca7cce27a4d0e86a
parent 71a3847862
commit a0b88da6bb
|
@ -1,7 +1,10 @@
|
||||||
---
|
---
|
||||||
id: RHEL-07-030770
|
id: RHEL-07-030770
|
||||||
status: not implemented
|
status: verification only
|
||||||
tag: misc
|
tag: misc
|
||||||
---
|
---
|
||||||
|
|
||||||
This STIG requirement is not yet implemented.
|
The tasks in the security role check for uncommented lines in the rsyslog
|
||||||
|
configuration that contain ``@`` or ``@@``, which signifies that a remote
|
||||||
|
logging configuration is in place. If these lines are not found, a warning
|
||||||
|
message is printed in the Ansible output.
|
||||||
|
|
|
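Review bot: The new paragraph says the tasks check "the rsyslog configuration" without naming the file. The task added in this commit reads only /etc/rsyslog.conf, so a deployer who sets up forwarding in an included file will still see the warning. State the path that is checked, and say that the role only reports the finding and does not configure forwarding itself, since the status is "verification only".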
@ -105,6 +105,26 @@
|
||||||
- misc
|
- misc
|
||||||
- RHEL-07-021270
|
- RHEL-07-021270
|
||||||
|
|
||||||
|
- name: Check if syslog output is being sent to another server
|
||||||
|
command: 'grep "^[^#].*@" /etc/rsyslog.conf'
|
||||||
|
register: rsyslog_transmit_check
|
||||||
|
changed_when: False
|
||||||
|
failed_when: False
|
||||||
|
check_mode: no
|
||||||
|
tags:
|
||||||
|
- always
|
||||||
|
|
||||||
|
- name: RHEL-07-030770 - The system must send rsyslog output to a log aggregation server.
|
||||||
|
debug:
|
||||||
|
msg: Output from syslog must be sent to another server.
|
||||||
|
when:
|
||||||
|
- rsyslog_transmit_check is defined
|
||||||
|
- rsyslog_transmit_check.rc != 0
|
||||||
|
tags:
|
||||||
|
- medium
|
||||||
|
- misc
|
||||||
|
- RHEL-07-030770
|
||||||
|
|
||||||
- name: Check if ClamAV is installed
|
- name: Check if ClamAV is installed
|
||||||
stat:
|
stat:
|
||||||
path: /usr/bin/clamdscan
|
path: /usr/bin/clamdscan
|
||||||
|
|
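Review bot: The grep pattern "^[^#].*@" in the check task is looser than the documented intent. It matches any line whose first character is not "#" and that has an "@" anywhere later, so an indented comment (whitespace before the "#") or an unrelated line that happens to contain "@" counts as remote logging and suppresses the warning. Tighten the expression so that leading whitespace before "#" is excluded and the "@" or "@@" must begin the action field and be followed by a host. Separately, failed_when: False combined with rc != 0 means a missing or unreadable /etc/rsyslog.conf (grep exit status 2) prints the same message as a file with no forwarding line (exit status 1). Consider handling those two cases differently.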