Commit

Fix rsyslog file test - use Jinja variable for group name
Paul Rensing committed Oct 27, 2023
1 parent 661f48b commit a6a80c6
Showing 1 changed file with 11 additions and 28 deletions.
Expand Up @@ -2,32 +2,24 @@ documentation_complete: true

title: 'Ensure Log Files Are Owned By Appropriate Group'

description: |-
The group-owner of all log files written by
<tt>rsyslog</tt> should be
{{% if 'debian' in product or 'ubuntu' in product %}}
<tt>adm</tt>.
{{% if "ubuntu" in product or "debian" in product %}}
{{% set target_group="adm" %}}
{{% else %}}
<tt>root</tt>.
{{% set target_group="root" %}}
{{% endif %}}

description: |-
The group-owner of all log files written by
<tt>rsyslog</tt> should be <tt>{{{ target_group }}}</tt>.
These log files are determined by the second part of each Rule line in
<tt>/etc/rsyslog.conf</tt> and typically all appear in <tt>/var/log</tt>.
For each log file <i>LOGFILE</i> referenced in <tt>/etc/rsyslog.conf</tt>,
run the following command to inspect the file's group owner:
<pre>$ ls -l <i>LOGFILE</i></pre>
If the owner is not
{{% if 'debian' in product or 'ubuntu' in product %}}
<tt>adm</tt>,
{{% else %}}
<tt>root</tt>,
{{% endif %}}
If the owner is not <tt>{{{ target_group }}}</tt>,
run the following command to
correct this:
{{% if 'debian' in product or 'ubuntu' in product %}}
<pre>$ sudo chgrp adm <i>LOGFILE</i></pre>
{{% else %}}
<pre>$ sudo chgrp root <i>LOGFILE</i></pre>
{{% endif %}}
<pre>$ sudo chgrp {{{ target_group }}} <i>LOGFILE</i></pre>
rationale: |-
The log files generated by rsyslog contain valuable information regarding system
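Review bot: The added description line `If the owner is not <tt>{{{ target_group }}}</tt>,` says "owner" although the rule title, the preceding sentence and the `chgrp` command that follows are all about the group-owner; suggest "If the group-owner is not ..." so it is not read as the file's user owner. Separately, the `{{% set target_group=... %}}` block now sits between `title:` and `description:` and is consumed much further down the file, so a short Jinja comment next to it naming the places that depend on it would help the next person who edits one of them.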
Expand Down Expand Up @@ -65,11 +57,7 @@ ocil_clause: 'the group-owner is not correct'

ocil: |-
The group-owner of all log files written by <tt>rsyslog</tt> should be
{{% if 'debian' in product or 'ubuntu' in product %}}
<tt>adm</tt>.
{{% else %}}
<tt>root</tt>.
{{% endif %}}
<tt>{{{ target_group }}}</tt>.
These log files are determined by the second part of each Rule line in
<tt>/etc/rsyslog.conf</tt> and typically all appear in <tt>/var/log</tt>.
To see the group-owner of a given log file, run the following command:
Expand All @@ -79,9 +67,4 @@ template:
name: rsyslog_logfiles_attributes_modify
vars:
attribute: groupowner
value: root
value@debian10: adm
value@debian11: adm
value@ubuntu1604: adm
value@ubuntu2004: adm
value@ubuntu2204: adm
value: {{{ target_group }}}
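Review bot: `value: {{{ target_group }}}` changes which products receive `adm`, not only how the test is written. The removed lines set `adm` for debian10, debian11, ubuntu1604, ubuntu2004 and ubuntu2204 only, with `root` as the default, while the `"ubuntu" in product or "debian" in product` condition at the top of the file matches every product whose name contains either string. Any Debian or Ubuntu product outside the removed list would therefore move from `root` to `adm` in the templated value. If that widening is intended, state it in the commit message, which currently mentions only the test fix; if not, keep an explicit per-product condition.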
