
cis-dil-benchmark-4.2.2.1 not looking for custom configurations in /journald.conf.d/

Open · jshburkett opened this issue 3 years ago · 1 comment

Describe the bug

cis-dil-benchmark-4.2.2.1 seems to simply be checking /etc/systemd/journald.conf with

```ruby
parse_config_file('/etc/systemd/journald.conf') do
  its('Journal') { should include({ 'ForwardToSyslog' => 'yes' }) }
end
```

It’s saying we fail this test. However, as per recommendations I see online, we have a separate .conf file in /etc/systemd/journald.conf.d/ that contains:

```ini
[Journal]
ForwardToSyslog=true
```

So as far as I can tell, we do, in fact, have a proper setup, but the inspec report doesn’t see it. Every entry in the journald.conf file is commented out, but that seems to be standard practice. Uncommenting the line #ForwardToSyslog=yes and re-running an inspec run fixes the issue.

Expected behavior

The benchmark should scan /etc/systemd/journald.conf.d/ for custom configuration files since these override what's in /etc/systemd/journald.conf. It should read that configuration file and recognize that it satisfies the requirement.

Actual behavior

```
results [
  {
    code_desc: Parse Config File /etc/systemd/journald.conf Journal is expected to include {"ForwardToSyslog" => "yes"}
    message: expected {} to include {"ForwardToSyslog" => "yes"} Diff: @@ -1,2 +1 @@ -"ForwardToSyslog" => "yes",
    resource_class: parse_config_file
    resource_params: ["/etc/systemd/journald.conf"]
    run_time: 0.000724913
    start_time: 2022-09-14T03:59:12+00:00
    status: failed
  }
]
```


Example code

Setup and how to replicate is described above.

OS / Environment

```shell
$ uname -rvmpis
Linux 5.4.0-1089-azure #94~18.04.1-Ubuntu SMP Fri Aug 5 12:34:50 UTC 2022 x86_64 x86_64 x86_64
```

Inspec Version

4.46.13

Baseline Version

https://github.com/dev-sec/cis-dil-benchmark/archive/master.zip

jshburkett commented Sep 19 '22 16:09
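To show what the expected behaviour above would require, here is an added example (not cis-dil-benchmark code and not an InSpec control) in plain Ruby: it merges /etc/systemd/journald.conf with the drop-ins in journald.conf.d/ in systemd's order, skips commented-out lines, and treats `true`, `yes`, `on` and `1` as equivalent, since the report's drop-in uses `true` while the control looks for the literal `yes`. It simplifies by only considering the main file and one drop-in directory, and the fixture file name `50-syslog.conf` is constructed.

```ruby
require 'tmpdir'
require 'fileutils'

# Parse one INI-style config file into {section => {key => value}}.
# Comment lines ('#' or ';') are skipped, so "#ForwardToSyslog=yes" sets nothing.
def parse_ini(path)
  sections = {}
  section = nil
  File.foreach(path) do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#', ';')
    if (m = line.match(/\A\[(.+)\]\z/))
      section = m[1]
    elsif section && (m = line.match(/\A([^=]+?)\s*=\s*(.*)\z/))
      (sections[section] ||= {})[m[1]] = m[2]
    end
  end
  sections
end

# systemd's merge order: the main file, then drop-ins sorted by file name;
# a later file overrides the same key from an earlier one.
def effective_config(main_file, dropin_dir)
  files = [main_file] + Dir.glob(File.join(dropin_dir, '*.conf')).sort
  files.select { |f| File.file?(f) }.each_with_object({}) do |f, merged|
    parse_ini(f).each { |sec, kv| (merged[sec] ||= {}).merge!(kv) }
  end
end

# systemd parses booleans loosely: 1/yes/y/true/t/on are all true.
def systemd_bool(value)
  %w[1 yes y true t on].include?(value.to_s.strip.downcase)
end
# The check a control should make: is the *effective* value true?
def forward_to_syslog?(main_file, dropin_dir)
  systemd_bool(effective_config(main_file, dropin_dir).dig('Journal', 'ForwardToSyslog'))
end

# Constructed fixture matching the report: the main file is fully commented
# out and a drop-in (hypothetical name) sets the key; nil means no drop-in.
def build_fixture(dropin_value)
  root = Dir.mktmpdir
  main = File.join(root, 'journald.conf')
  dir = File.join(root, 'journald.conf.d')
  FileUtils.mkdir_p(dir)
  File.write(main, "[Journal]\n#ForwardToSyslog=yes\n")
  File.write(File.join(dir, '50-syslog.conf'), "[Journal]\nForwardToSyslog=#{dropin_value}\n") if dropin_value
  [main, dir]
end

puts forward_to_syslog?(*build_fixture('true')) # true
```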

I suspect the fix will be to do something like what is done with the cron.d directory

https://github.com/dev-sec/cis-dil-benchmark/blob/c845274efcf6e5f2e9307a780995a94c7bee0042/controls/1_3_filesystem_integrity_checking.rb#L50-L62

spencer-cdw commented Nov 15 '22 21:11