9 Replies Latest reply on Jul 18, 2014 5:58 AM by Monoj Padhy

    Compliance Logic issue with Component template



      I've modified a version of a component template rule that originally came from the CIS benchmark for RHEL 5 available with 8.1.04 of BSA.


      The original condition logic only accounted for syslog.conf and not the 3 different versions that we now have (syslog.conf, rsyslog.conf and syslog-ng.conf).


      The logic (and where it is incorrectly showing non-compliance) as it stands today is:


      "Configuration File Entry:/etc/syslog.conf//authpriv.*-\/var\/log\/secure" exists  OR

         "Configuration File Entry:/etc/syslog-ng/syslog-ng.conf//authpriv.*-\/var\/log\/secure" exists  OR

         "Configuration File Entry:/etc/rsyslog.conf//authpriv.*-\/var\/log\/secure" exists

      )  AND


         "File:/var/log/secure" exists


         "File:/var/log/secure"."Permissions (Unix) (Unix)" does not have any flag ["World Execute", "World Write", "World Read", "Group Execute", "Group Write", "Group Read", "Owner Execute"]  AND

         "File:/var/log/secure"."Permissions (Unix) (Unix)" has flag "Owner Read"  AND

         "File:/var/log/secure"."Group Owner (Unix) (Unix)" = 0  AND

         "File:/var/log/secure"."User Owner (Unix) (Unix)" = 0



      The component template has Parts (enabled for compliance) for the 3 different Configuration File Entry objects.

      On our test server the only file that exists is /etc/rsyslog.conf and the contents of the configuration file for it look like this:



      It seems that the nested OR statement is what's causing the issue here. Perhaps this is a simple one yet my eyes are not seeing it. Can anyone help?
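
      An independent check of the same conditions, run on the target host, reports each clause of the rule separately so it can be compared with what the compliance job shows. This is an added example, not part of the original post and not BSA code. The function names are hypothetical, GNU stat is assumed, and only the classic "selector action" line format of syslog.conf and rsyslog.conf is matched (syslog-ng.conf uses a different syntax and is not covered).

```shell
#!/bin/sh
# Added example: evaluate each clause of the rule on its own.

# True if FILE has an uncommented line that sends authpriv.* to
# /var/log/secure (a leading "-" on the action is accepted).
has_authpriv_entry() {
    [ -f "$1" ] && grep -Eq \
      '^[[:space:]]*[^#[:space:]]*authpriv\.\*[^[:space:]]*[[:space:]]+-?/var/log/secure[[:space:]]*$' "$1"
}

# True if the octal MODE has none of the world/group bits or owner
# execute (mask 0177) and does have owner read (0400), as in the rule.
mode_ok() {
    m=$((0$1))
    [ $((m & 0177)) -eq 0 ] && [ $((m & 0400)) -ne 0 ]
}

# usage: evaluate LOGFILE CONF...
# The entry clause is an OR across the CONF files; the file clauses are ANDed.
evaluate() {
    log=$1; shift
    rc=1
    for conf in "$@"; do
        if has_authpriv_entry "$conf"; then
            echo "PASS entry:  $conf"; rc=0
        else
            echo "FAIL entry:  $conf"
        fi
    done
    [ -f "$log" ] || { echo "FAIL exists: $log"; return 1; }
    set -- $(stat -c '%a %u %g' "$log")
    mode_ok "$1" || { echo "FAIL mode:   $1"; rc=1; }
    { [ "$2" = 0 ] && [ "$3" = 0 ]; } || { echo "FAIL owner:  uid=$2 gid=$3"; rc=1; }
    return $rc
}

# Example invocation on a host:
#   sh check.sh /var/log/secure /etc/syslog.conf /etc/rsyslog.conf
if [ $# -gt 0 ]; then evaluate "$@"; fi
```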