Added remediation and tests for the rule permissions_local_var_log_audit

linux_os/guide/system/permissions/permissions_local/permissions_local_var_log_audit/ansible/shared.yml

@@ -0,0 +1,37 @@
+# platform = multi_platform_sle,multi_platform_slmicro
+# reboot = false
+# complexity = low
+# strategy = configure
+# disruption = low
+
+{{{ ansible_lineinfile(msg='Configure permission for /var/log/audit', path='/etc/permissions.local', regex='^\/var\/log\/audit\s+root.*', insensitive=false, new_line='/var/log/audit root:root 600', create='yes', state='present', register='update_permissions_var_log_audit') }}}
+
+- name: "Correct file permissions after update /var/log/audit"
+  shell: >
+    set -o pipefail
+    chkstat --set --system
+  when: update_update_permissions_var_log_audit.changed
+
+{{{ ansible_lineinfile(msg='Configure permission for /var/log/audit.log', path='/etc/permissions.local', regex='^\/var\/log\/audit\/audit.log\s+root.*', insensitive=false, new_line='/var/log/audit/audit.log root:root 600', create='yes', state='present', register='update_permissions_var_log_audit_audit_log') }}}
+
+- name: "Correct file permissions after update /var/log/audit/audit.log"
+  shell: >
+    set -o pipefail
+    chkstat --set --system
+  when: update_permissions_var_log_audit_audit_log.changed
+
+{{{ ansible_lineinfile(msg='Configure permission for /etc/audit/audit.rules', path='/etc/permissions.local', regex='^\/etc\/audit\/audit.rules\s+root.*', insensitive=false, new_line='/etc/audit/audit.rules root:root 640', create='yes', state='present', register='update_permissions_etc_audit_audit_rules') }}}
+
+- name: "Correct file permissions after update /etc/audit/audit.rules"
+  shell: >
+    set -o pipefail
+    chkstat --set --system
+  when: update_permissions_etc_audit_audit_rules.changed
+
+{{{ ansible_lineinfile(msg='Configure permission for /etc/audit/rules.d/audit.rules', path='/etc/permissions.local', regex='^\/etc\/audit\/rules.d\/audit.rules\s+root.*', insensitive=false, new_line='/etc/audit/rules.d/audit.rules root:root 640', create='yes', state='present', register='update_permissions_etc_audit_rules_d_audit_rules') }}}
+
+- name: "Correct file permissions after update /etc/audit/rules.d/audit.rules"
+  shell: >
+    set -o pipefail
+    chkstat --set --system
+  when: update_permissions_etc_audit_rules_d_audit_rules.changed

linux_os/guide/system/permissions/permissions_local/permissions_local_var_log_audit/bash/shared.sh

@@ -0,0 +1,23 @@
+# platform = multi_platform_sle,multi_platform_slmicro
+
+current_permissions_rules=$(grep -i audit /etc/permissions.local)
+if [ ${#current_permissions_rules} -ne 0 ]
+then
+  echo "We will delete existing permissions"
+  sed -ri '/^\/var\/log\/audit\s+root:.*/d' /etc/permissions.local
+  sed -ri '/^\/var\/log\/audit\/audit.log\s+root.*/d' /etc/permissions.local 
+  sed -ri '/^\/etc\/audit\/audit.rules\s+root.*/d' /etc/permissions.local
+  sed -ri '/^\/etc\/audit\/rules.d\/audit.rules\s+root.*/d' /etc/permissions.local
+fi
+echo "There are no permission rules for audit information files and folders. We will add them"
+echo "/var/log/audit root:root 600" >> /etc/permissions.local
+echo "/var/log/audit/audit.log root:root 600" >> /etc/permissions.local
+echo "/etc/audit/audit.rules root:root 640" >> /etc/permissions.local
+echo "/etc/audit/rules.d/audit.rules root:root 640" >> /etc/permissions.local
+
+check_stats=$(chkstat /etc/permissions.local)
+if [ ${#check_stats} -gt 0 ]
+then
+  echo "Audit information files and folders don't have correct permissions.We will set them"
+  chkstat --set /etc/permissions.local
+fi

linux_os/guide/system/permissions/permissions_local/permissions_local_var_log_audit/tests/audit_correct_permissions.pass.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# platform = multi_platform_sle,multi_platform_slmicro
+
+current_permissions_rules=$(grep -i audit /etc/permissions.local)
+if [ ${#current_permissions_rules} -ne 0 ]
+then
+  echo "We will delete existing permissions"
+  sed -ri '/^\/var\/log\/audit\s+root:.*/d' /etc/permissions.local
+  sed -ri '/^\/var\/log\/audit\/audit.log\s+root.*/d' /etc/permissions.local 
+  sed -ri '/^\/etc\/audit\/audit.rules\s+root.*/d' /etc/permissions.local
+  sed -ri '/^\/etc\/audit\/rules.d\/audit.rules\s+root.*/d' /etc/permissions.local
+fi
+echo "There are no permission rules for audit information files and folders. We will add them"
+echo "/var/log/audit root:root 600" >> /etc/permissions.local
+echo "/var/log/audit/audit.log root:root 600" >> /etc/permissions.local
+echo "/etc/audit/audit.rules root:root 640" >> /etc/permissions.local
+echo "/etc/audit/rules.d/audit.rules root:root 640" >> /etc/permissions.local
+
+check_stats=$(chkstat /etc/permissions.local)
+if [ ${#check_stats} -gt 0 ]
+then
+  echo "Audit information files and folders don't have correct permissions.We will set them"
+  chkstat --set /etc/permissions.local
+fi

linux_os/guide/system/permissions/permissions_local/permissions_local_var_log_audit/tests/audit_incorrect_permissions.fail.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# platform = multi_platform_sle,multi_platform_slmicro
+
+for AUDIT_FILE in /var/log/audit /var/log/audit/audit.log /etc/audit/audit.rules /etc/audit/rules.d/audit.rules
+do
+  if [ -f $AUDIT_FILE ]
+  then
+     chown nobody:nobody $AUDIT_FILE
+     chmod 0644 $AUDIT_FILE
+  fi
+done