Adjust conflicting requirements

There are conflicting requirements regarding journald and rsyslog. JournalD is the default preference for RHEL 9. Aligned the draft control file for RHEL 10 with CIS RHEL 9 v2.0.0. Signed-off-by: Marcus Burghardt <[email protected]>
ComplianceAsCode · Jun 19, 2024 · 56eac7c · 56eac7c
1 parent 73f2091
commit 56eac7c
Showing 1 changed file with 13 additions and 10 deletions.
diff --git a/controls/cis_rhel10.yml b/controls/cis_rhel10.yml
@@ -2317,6 +2317,7 @@ controls:
     status: pending
     notes: |-
       It is necessary to create a new rule to check the status of journald and rsyslog.
+      It would also be necessary a new rule to disable or remove rsyslog.
 
   - id: 6.2.2.1.1
     title: Ensure systemd-journal-remote is installed (Automated)
@@ -2387,35 +2388,35 @@ controls:
     levels:
       - l1_server
       - l1_workstation
-    status: automated
-    rules:
+    status: supported
+    related_rules:
       - package_rsyslog_installed
 
   - id: 6.2.3.2
     title: Ensure rsyslog service is enabled and active (Automated)
     levels:
       - l1_server
       - l1_workstation
-    status: automated
-    rules:
+    status: supported
+    related_rules:
       - service_rsyslog_enabled
 
   - id: 6.2.3.3
     title: Ensure journald is configured to send logs to rsyslog (Automated)
     levels:
       - l1_server
       - l1_workstation
-    status: automated
-    rules:
+    status: supported
+    related_rules:
       - journald_forward_to_syslog
 
   - id: 6.2.3.4
     title: Ensure rsyslog log file creation mode is configured (Automated)
     levels:
       - l1_server
       - l1_workstation
-    status: automated
-    rules:
+    status: supported
+    related_rules:
       - rsyslog_filecreatemode
 
   - id: 6.2.3.5
@@ -2439,8 +2440,8 @@ controls:
     levels:
       - l1_server
       - l1_workstation
-    status: automated
-    rules:
+    status: supported
+    related_rules:
       - rsyslog_nolisten
 
   - id: 6.2.3.8
@@ -2460,6 +2461,8 @@ controls:
       - l1_server
       - l1_workstation
     status: automated
+    notes: |-
+      It is not harmful to run these rules even if rsyslog is not installed or active.
     rules:
       - rsyslog_files_groupownership
       - rsyslog_files_ownership