ComplianceAsCode / content

Security automation content in SCAP, Bash, Ansible, and other formats
https://complianceascode.readthedocs.io/en/latest/

DISA: SSG does not check if logs offloaded via rsyslog #2068

Closed shawndwells closed 5 years ago

shawndwells commented 7 years ago

Red Hat Missing

shawndwells commented 7 years ago

@tbrunell it's clear DISA did not even look at the content:

https://github.com/OpenSCAP/scap-security-guide/blob/master/RHEL/7/input/profiles/ospp-rhel7.xml#L150

tbrunell commented 7 years ago

@shawndwells The rule you referenced matches a rule in the STIG. I think they are wondering about the "rsyslog_nolisten" rule. There was no corresponding rule in the copy of the SSG content that they received in February.

shawndwells commented 7 years ago

Looks like DISA was using out-of-date content. They will be updating for TCP/UDP/RELP to align with rsyslog_nolisten.

tbrunell commented 7 years ago

Rule exists with additional protocol options for rsyslog. Will massage with DISA.

redhatrises commented 5 years ago

Closing as SSG already complies with this.