Add new rule rsyslog_filecreatemode

[dodys]

Description:

• This rule has been missing for a while and should solve issue RHEL 8 CIS 4.2.1.3 Ensure rsyslog default file permissions configured (Automated) #7332
• This PR won't include ansible remediation, I expect other vendors will properly implement it.

Rationale:

• This rule is needed for CIS on Ubuntu, RHEL and SLES as far as I know, might be needed for other vendors as well.

[github-actions]

Start a new ephemeral environment with changes proposed in this pull request:

ubuntu2004 (from CTF) Environment (using Fedora as testing environment)

Fedora Testing Environment

Oracle Linux 8 Environment

[github-actions]

This datastream diff is auto generated by the check Compare DS/Generate Diff

Click here to see the full diff

New content has different text for rule 'xccdf_org.ssgproject.content_rule_rsyslog_files_permissions'.
--- xccdf_org.ssgproject.content_rule_rsyslog_files_permissions
+++ xccdf_org.ssgproject.content_rule_rsyslog_files_permissions
@@ -65,9 +65,6 @@
 [reference]:
 Req-10.5.2
 
-[reference]:
-4.2.1.4
-
 [rationale]:
 Log files can contain valuable information regarding system
 configuration. If the system log files are not protected unauthorized

[dodys]

@teacup-on-rockingchair fyi, as we discussed in gitter

[marcusburghardt]

Thanks for this rule @dodys . Please, take a look in my comments to make it simpler.

[marcusburghardt]

Amazing @dodys . I really liked the new approach. Much simpler and easier to review. I have only minor comments and we should be ready. I also tested this rule in RHEL products and it is working fine. I will be happy to propose the Ansible remediation for it soon.

[codeclimate]

Code Climate has analyzed commit 468cfb8 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 51.7% (0.0% change).

View more on Code Climate.

[marcusburghardt]

Automatus tests are failing because the rule is restricted to ubuntu. Waived!

[marcusburghardt]

Thanks for the work in this new rule @dodys . The last update in the bash remediation is working fine in my tests too.

[marcusburghardt]

Overriding CODEOWNERS since a @dodys can't approve his own PR.

[marcusburghardt]

My last tests finished and actually some two test scenarios are failing in RHEL7 only. I quickly checked and it seems to be a minor issue related to compatibility. Since this rule will be interesting for CIS in RHEL7 and I plan to include it pretty soon, I am fine to merge it now and fix any possible issue in RHEL7 when enabling this rule for RHEL.

[marcusburghardt]

My last tests finished and actually some two test scenarios are failing in RHEL7 only. I quickly checked and it seems to be a minor issue related to compatibility. Since this rule will be interesting for CIS in RHEL7 and I plan to include it pretty soon, I am fine to merge it now and fix any possible issue in RHEL7 when enabling this rule for RHEL.

Fixed in #10328