[Open-scap] rsyslog and syslog-ng issue in Debian 8
Marek Haicman
mhaicman at redhat.com
Wed Aug 29 19:33:08 UTC 2018
Hah, that one is funny :) Good catch Dhanushka. Basically what
these rules are trying to achieve is to have logging on your system. So
either of those is enough to fulfill that.
If you don't mind, could you create a PR removing one of the pairs from
the profile [1]? I am not a Debian user, so I don't know which one is
default/recommended. It should be in line with the OS recommendation. Just
beware - if the recommended syslog is syslog-ng, then it's probably
appropriate to also remove all rsyslog-related rules in other ANSSI
levels (I have seen some in `average`).
Thanks,
Marek
[1]
https://github.com/OpenSCAP/scap-security-guide/blob/master/debian8/profiles/
On 08/29/2018 07:22 PM, Dhanushka Parakrama wrote:
> Hi Team
>
> When I'm using *xccdf_org.ssgproject.content_profile_anssi_np_nt28_high*
> profile in Debian 8 *ssg-debian8-ds.xml*
> in version scap-security-guide-0.1.40
>
> it says
>
> Title Ensure syslog-ng is Installed
> Rule xccdf_org.ssgproject.content_rule_package_syslogng_installed
> Result fail
>
> Title Enable syslog-ng Service
> Rule xccdf_org.ssgproject.content_rule_service_syslogng_enabled
> Result fail
>
> Title Ensure rsyslog is Installed
> Rule xccdf_org.ssgproject.content_rule_package_rsyslog_installed
> Result fail
>
> Title Enable rsyslog Service
> Rule xccdf_org.ssgproject.content_rule_service_rsyslog_enabled
> Result fail
>
>
> But when I'm installing rsyslog, the Debian 8 system automatically removes
> the syslog-ng package and vice versa. So one of the conditions will
> always fail
>
> Please see the below screenshot
>
> image.png
> _______________________________________________
> Open-scap-list mailing list
> Open-scap-list at redhat.com
> https://www.redhat.com/mailman/listinfo/open-scap-list
>