Fix Ansible remediation in rsyslog_logfiles_attributes_modify template

[marcusburghardt]

Description:

The Ansible remediation in the rsyslog_logfiles_attributes_modify template uses the file module to set file permissions. The mode option receives the value from a Jinja2 variable.
This value was not quoted, making the octal number be converted to a decimal number and consequently impacting the remediation.

This was the result of the relevant task in the Ansible Playbook when the 0640 value was used without quotes in the mode option of the file module:

ansible.builtin.file:
  path: '{{ item }}'
  mode: 416
  state: file

This is the expected result, fixed by this PR:

ansible.builtin.file:
  path: '{{ item }}'
  mode: '0640'
  state: file

In addition, some minor updates were done in test scenario scripts:

• The existing scripts were renamed to be better organized.
• The default permission in the "correct" test scenario scripts was updated from 0600 to 0640 in alignment to the respective rule.
• It was included new test scenarios checking stricter permissions.

Rationale:

Ansible remediation fixed.
Better test scenario scripts.

Review Hints:

Example of automatus command for a RHEL8 VM:

./tests/automatus.py rule --libvirt qemu:///session <RHEL8 VM> --datastream build/ssg-rhel8-ds.xml --dontclean --remediate-using ansible rsyslog_files_permissions

Checking the resulted Ansible Playbook could also be interesting during the review.

[github-actions]

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment

Oracle Linux 8 Environment

[codeclimate]

Code Climate has analyzed commit 022a81b and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 52.4% (0.0% change).

View more on Code Climate.