Unify the rhel approach for the rule

RHEL7 and RHEL9 should follow the same approach for RHEL8.
ComplianceAsCode · Jul 11, 2022 · 9dfdff0 · 9dfdff0
1 parent cb5e34f
commit 9dfdff0
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 4 deletions.
diff --git a/...uide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh b/...uide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh
@@ -6,7 +6,7 @@ else
     FILE="/var/log/audit/audit.log"
 fi
 
-{{% if product not in ["ol8", "rhel8"] %}}
+{{% if product not in ["ol8", "rhel7", "rhel8", "rhel9"] %}}
 if LC_ALL=C grep -m 1 -q ^log_group /etc/audit/auditd.conf; then
   GROUP=$(awk -F "=" '/log_group/ {print $2}' /etc/audit/auditd.conf | tr -d ' ')
   if ! [ "${GROUP}" == 'root' ] ; then

diff --git a/...ide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/oval/shared.xml b/...ide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/oval/shared.xml
@@ -2,7 +2,7 @@
   <definition class="compliance" id="file_permissions_var_log_audit" version="2">
     {{{ oval_metadata("Checks for correct permissions for all audit log files.") }}}
     <criteria operator="OR">
-      {{% if product not in ["ol8", "rhel8"] %}}
+      {{% if product not in ["ol8", "rhel7", "rhel8", "rhel9"] %}}
       <criteria operator="AND" comment="log_file set">
         <extend_definition comment="log_file set in auditd.conf" definition_ref="auditd_conf_log_file_not_set" negate="true" />
         <criteria operator="AND" comment="log_group in auditd.conf is not root">
@@ -40,7 +40,7 @@
     <filter action="include">state_not_mode_0600</filter>
   </unix:file_object>
 
-  {{% if product in ["ol8", "rhel8"] %}}
+  {{% if product in ["ol8", "rhel7", "rhel8", "rhel9"] %}}
   <unix:file_test check="all" check_existence="at_least_one_exists"
       comment="default audit log files mode 0600"
       id="test_file_permissions_default_audit_log" version="1">

diff --git a/...x_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml b/...x_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
@@ -5,7 +5,7 @@ prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004
 title: 'System Audit Logs Must Have Mode 0640 or Less Permissive'
 
 description: |-
-    {{% if product in ["ol8", "rhel8"] %}}
+    {{% if product in ["ol8", "rhel7", "rhel8", "rhel9"] %}}
     Determine where the audit logs are stored with the following command:
     <pre>$ sudo grep -iw log_file /etc/audit/auditd.conf
     log_file = /var/log/audit/audit.log</pre>