Unify the RHEL approach for rule file_permissions_var_log_audit

[yuumasato]

Description:

• RHEL7 and RHEL9 should follow the same approach for RHEL8. i.e.:
  • Look for log_file in /etc/audit/auditd.conf` and check that file's permissions

Rationale:

• Related Update file_permissions_var_log_audit behavior for OL8 and RHEL8 #8808
• RHEL8 STIG: https://stigs.mab879.com/products/rhel8/v1r6/RHEL-08-030070/
• RHEL7 STIG https://stigs.mab879.com/products/rhel7/v3r7/RHEL-07-910055/
• Fixes Test scenarios for file_permissions_var_log_audit fail on RHEL7 and RHEL9 #8948

[yuumasato]

* RHEL8 STIG: https://stigs.mab879.com/products/rhel8/v1r6/RHEL-08-030070/

* RHEL7 STIG https://stigs.mab879.com/products/rhel7/v3r7/RHEL-07-910055/

@Mab879 @ggbecker Do you think fix text of this item is correct?
Should it be more like the RHEL7's fixtext?

There is an item more specific about the file's group: https://stigs.mab879.com/products/rhel8/v1r6/RHEL-08-030090/

[github-actions]

Start a new ephemeral environment with changes proposed in this pull request:

rhel8 (from CTF) Environment (using Fedora as testing environment)

Fedora Testing Environment

Oracle Linux 8 Environment

[Mab879]

I think this change makes sense.

Maybe we should use 'rhel' in product or similar so that we will not have to repeat this work for future versions of RHEL.

[yuumasato]

Weird, the test scenarios pass on my machine:

time python3 tests/test_suite.py rule  --libvirt qemu:///session rhel9 --datastream build/ssg-rhel9-ds.xml --dontclean file_permissions_var_log_audit
WARNING - You call Automatus using the legacy 'test_suite.py' script, use the 'automatus.py' instead

Setting console output to log level INFO
INFO - The base image option has not been specified, choosing libvirt-based test environment.
INFO - Logging into /home/wsato/git/content/logs/rule-custom-2022-07-12-1839/test_suite.log
WARNING - Script correct_permissions.pass.sh is not applicable on given platform
WARNING - Script incorrect_permissions.fail.sh is not applicable on given platform
INFO - xccdf_org.ssgproject.content_rule_file_permissions_var_log_audit
INFO - Script correct_value_default_file_0600.pass.sh using profile (all) OK
INFO - Script incorrect_value_default_file_0600.fail.sh using profile (all) OK
INFO - Script correct_value_0600.pass.sh using profile (all) OK
INFO - Script incorrect_value_0600.fail.sh using profile (all) OK

WARNING - You call Automatus using the legacy 'test_suite.py' script, use the 'automatus.py' instead

[vojtapolasek]

I see that some tet scenarios are missing:

packages = auditd

Could this be the problem?

[yuumasato]

@vojtapolasek Thanks, the CI seems happy now.

[codeclimate]

Code Climate has analyzed commit 27e7eab and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 42.7% (0.0% change).

View more on Code Climate.

[openshift-ci]

@yuumasato: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-rhcos4-high	27e7eab	link	true	/test e2e-aws-rhcos4-high
ci/prow/e2e-aws-rhcos4-moderate	27e7eab	link	true	/test e2e-aws-rhcos4-moderate

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[vojtapolasek]

Looks great now, thank you.