rsyslog_files_* rule fails on every hardening for RHEL9/10
Fails
xccdf_org.ssgproject.content_rule_rsyslog_files_permissions
xccdf_org.ssgproject.content_rule_rsyslog_files_groupownership
xccdf_org.ssgproject.content_rule_rsyslog_files_ownership
OVAL details (similar for every rule)
System log files have appropriate owner set oval:ssg-test_rsyslog_files_ownership:tst:1 false
No items have been found conforming to the following objects:
Object oval:ssg-object_rsyslog_files_ownership_owner:obj:1 of type file_object
Filepath
0
^/etc/rsyslog.conf$
^/etc/rsyslog\.d/(?=[^.])[^/]*\.conf$
^/etc/rsyslog\.d/(?=[^.])[^/]*\.conf$
^/etc/rsyslog.conf$
Referenced variable has no values (oval:ssg-var_rsyslog_files_ownership_log_files_paths:var:1).
Additional Info
I was not able to determine exactly the cause of the issue; one suspicion I have is that for some reason the files are not present in the system. Maybe the rsyslog package is being removed for some reason.
But "Referenced variable has no values" is also suspicious.
Maybe something in rsyslog changed as well; we need to investigate this more.
I suspect that rsyslog is now using the RainerScript syntax and it's tripping our current template implementation: https://gitlab.com/redhat/centos-stream/rpms/rsyslog/-/merge_requests/49/diffs
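An illustration of the suspicion above, as an added example that is not part of the original issue or the project's own code: a matcher that only understands legacy `selector  /path` lines finds no log paths in a RainerScript-style configuration, which is one way a path variable could end up with no values. The sample configs, function names and regexes are constructed for illustration and are a simplified stand-in, not the OVAL patterns the rules use.

```python
import re

# Constructed sample configs (not copied from any real system or package).
LEGACY_CONF = """\
*.info;mail.none;authpriv.none    /var/log/messages
authpriv.*                        /var/log/secure
mail.*                            -/var/log/maillog
*.emerg                           :omusrmsg:*
"""

RAINER_CONF = """\
*.info;mail.none;authpriv.none action(type="omfile" file="/var/log/messages")
authpriv.* action(type="omfile" file="/var/log/secure")
if prifilt("mail.*") then {
    action(type="omfile" file="/var/log/maillog" sync="off")
}
"""

# Hypothetical legacy-only matcher: selector, blanks, optional "-", absolute path.
LEGACY_RE = re.compile(r"^[ \t]*[^#$\s]\S*[ \t]+-?(/\S+)[ \t]*$", re.M)
# RainerScript actions: action(name="value" ...). Assumes no ")" inside values.
ACTION_RE = re.compile(r"action\s*\(([^)]*)\)", re.S)
PARAM_RE = re.compile(r'(\w+)\s*=\s*"([^"]*)"')


def legacy_paths(conf):
    """Log file paths found by the legacy-only matcher."""
    return sorted(set(LEGACY_RE.findall(conf)))


def rainerscript_paths(conf):
    """Log file paths named by omfile actions in RainerScript syntax."""
    conf = re.sub(r"(?m)^[ \t]*#.*$", "", conf)  # drop full-line comments
    paths = set()
    for body in ACTION_RE.findall(conf):
        params = dict(PARAM_RE.findall(body))
        if params.get("type") == "omfile" and params.get("file", "").startswith("/"):
            paths.add(params["file"])
    return sorted(paths)


def log_file_paths(conf):
    """Union of both syntaxes, so either config style yields its log files."""
    return sorted(set(legacy_paths(conf)) | set(rainerscript_paths(conf)))


if __name__ == "__main__":
    print("legacy matcher on RainerScript config:", legacy_paths(RAINER_CONF))
    print("combined matcher on RainerScript config:", log_file_paths(RAINER_CONF))
```
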