ComplianceAsCode
Fix rsyslog rules due to change in how the configuration files are written
Description:
The following rules:
rsyslog_files_groupownership rsyslog_files_ownership rsyslog_files_permissions
Most likely this is what caused the change: https://gitlab.com/redhat/centos-stream/rpms/rsyslog/-/merge_requests/49/diffs
Rationale:
- Attempts to Fix #14227
it did not seem to help as I ran a custom set of hardening tests and the fails are still there :(
This is ready to review, all the test scenarios pass on RHEL9 both ansible and bash, and a custom productization also passed for RHEL9 and RHEL10. There might be an issue on RHEL8 ISM_O on testing farm, stating that /var/log/cron had 0644 instead of 0640, I've rerun the testing farm tests to see if it's a fluke, it's weird because if it is an issue I'd expect it to be present on every RHEL8 profile testing that has this rule selected. Let's see how it goes.
I might have discovered how to fix the issue with the /var/log/cron file on ansible remediation, see: 628b2b2
let's see how testing works.
@ggbecker: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:
| Test name | Commit | Details | Required | Rerun command |
|---|---|---|---|---|
| ci/prow/e2e-aws-openshift-node-compliance | 0b77174b7b5278e47dbb00332e7f4832bd753fca | link | true | /test e2e-aws-openshift-node-compliance |
Full PR test history. Your PR dashboard.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.
![openshift-ci[bot] avatar](https://avatars.githubusercontent.com/in/91280?v=4 "Published by a pub.dev verified publisher"){kind=small}