@ferricoxide
Member

Closes #556

Borrows logic from #557, altering the value for the $ActionSendStreamDriverMode parameter instead of the $ActionSendStreamDriverAuthMode parameter.

Validated on Red Hat and Oracle Enterprise Linux, CentOS Stream and Alma and Rocky Linux 9. Included test-results are from Alma Linux 9:

Execution when value is not present in any files:

----------
          ID: ALMA-09-052710-description
    Function: test.show_notification
      Result: True
     Comment: ----------------------------------------
              STIG Finding ID: ALMA-09-052710
                  The OS must encrypt the transfer of
                  audit records offloaded onto a
                  different system or media from the
                  system being audited via rsyslog
                  logs via rsyslog
              ----------------------------------------
     Started: 16:14:59.823297
    Duration: 0.837 ms
     Changes:
----------
          ID: Fix $ActionSendStreamDriverMode setting in /etc/rsyslog.conf (ALMA-09-052710)
    Function: file.replace
        Name: /etc/rsyslog.conf
      Result: True
     Comment: Changes were made
     Started: 16:14:59.826159
    Duration: 16.692 ms
     Changes:
              ----------
              diff:
                  ---
                  +++
                  @@ -85,3 +85,4 @@
                   # Set per rule ALMA-09-052600
                   $ActionSendStreamDriverAuthMode x509/name

                  +# Set per rule ALMA-09-052710
                  $ActionSendStreamDriverMode 1
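
Review bot: The appended `$ActionSendStreamDriverMode 1` lands at the end of /etc/rsyslog.conf (no context lines follow it in this hunk), and rsyslog's legacy `$Action...` directives only affect actions defined after them. A forwarding action declared earlier in the file, or in a file included earlier, would not pick this setting up. Suggest placing the directive ahead of the forwarding rule rather than at end of file, or documenting that the forwarding action is expected to be defined after this point.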

----------
          ID: Re-read rsyslog configuration-options (ALMA-09-052710)
    Function: service.running
        Name: rsyslog.service
      Result: True
     Comment: Service restarted
     Started: 16:15:03.713868
    Duration: 1267.397 ms
     Changes:
              ----------
              rsyslog.service:
                  True
------------

Execution when value-correction is required:

----------
          ID: ALMA-09-052710-description
    Function: test.show_notification
      Result: True
     Comment: ----------------------------------------
              STIG Finding ID: ALMA-09-052710
                  The OS must encrypt the transfer of
                  audit records offloaded onto a
                  different system or media from the
                  system being audited via rsyslog
                  logs via rsyslog
              ----------------------------------------
     Started: 16:13:33.362113
    Duration: 1.283 ms
     Changes:
----------
          ID: Fix $ActionSendStreamDriverMode setting in /etc/rsyslog.d/encrypt.conf (ALMA-09-052710)
    Function: file.replace
        Name: /etc/rsyslog.d/encrypt.conf
      Result: True
     Comment: Changes were made
     Started: 16:13:33.365843
    Duration: 18.95 ms
     Changes:
              ----------
              diff:
                  ---
                  +++
                  @@ -1,2 +1,2 @@
                  -$ActionSendStreamDriverMode 0
                  +$ActionSendStreamDriverMode 1
                   $DefaultNetstreamDriver gtls
----------
          ID: Re-read rsyslog configuration-options (ALMA-09-052710)
    Function: service.running
        Name: rsyslog.service
      Result: True
     Comment: Service restarted
     Started: 16:13:35.722623
    Duration: 960.795 ms
     Changes:
              ----------
              rsyslog.service:
                  True
------------

Execution when correct value already set:

----------
          ID: ALMA-09-052710-description
    Function: test.show_notification
      Result: True
     Comment: ----------------------------------------
              STIG Finding ID: ALMA-09-052710
                  The OS must encrypt the transfer of
                  audit records offloaded onto a
                  different system or media from the
                  system being audited via rsyslog
                  logs via rsyslog
              ----------------------------------------
     Started: 16:12:05.467218
    Duration: 0.81 ms
     Changes:
----------
          ID: Fix $ActionSendStreamDriverMode setting in /etc/rsyslog.d/encrypt.conf (ALMA-09-052710)
    Function: file.replace
        Name: /etc/rsyslog.d/encrypt.conf
      Result: True
     Comment: No changes needed to be made
     Started: 16:12:05.470861
    Duration: 7.294 ms
     Changes:
----------
          ID: Re-read rsyslog configuration-options (ALMA-09-052710)
    Function: service.running
        Name: rsyslog.service
      Result: True
     Comment: The service rsyslog.service is already running
     Started: 16:12:05.501285
    Duration: 3282.992 ms
     Changes:

Summary for local
------------
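
The three cases exercised in the output above (directive absent, wrong value, correct value) can be checked independently of Salt. The following is an added example, not code from this PR or from the project; the function name `check_stream_driver_mode` and the sample files are constructed for illustration, and it inspects values only, not where the directive sits relative to forwarding actions.

```shell
#!/bin/sh
# Added example: report whether rsyslog's legacy $ActionSendStreamDriverMode
# directive is absent, noncompliant (any value other than 1) or compliant
# across the config files given as arguments.
check_stream_driver_mode() {
    state=absent
    for conf in "$@"; do
        [ -f "$conf" ] || continue
        # Emit the value of every uncommented Mode directive. The first field
        # is compared exactly, so $ActionSendStreamDriverAuthMode lines and
        # commented-out lines do not match.
        values=$(awk '$1 == "$ActionSendStreamDriverMode" { print (NF > 1 ? $2 : "unset") }' < "$conf")
        for value in $values; do
            if [ "$value" = "1" ]; then
                if [ "$state" = "absent" ]; then
                    state=compliant
                fi
            else
                # One bad occurrence anywhere makes the whole set noncompliant
                state=noncompliant
                echo "noncompliant: $conf sets \$ActionSendStreamDriverMode $value" >&2
            fi
        done
    done
    echo "$state"
}

# Constructed sample files mirroring the three cases in the PR output
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '# Set per rule ALMA-09-052600' \
    '$ActionSendStreamDriverAuthMode x509/name' > "$demo_dir/absent.conf"
printf '%s\n' '$ActionSendStreamDriverMode 0' \
    '$DefaultNetstreamDriver gtls' > "$demo_dir/wrong.conf"
printf '%s\n' '$ActionSendStreamDriverMode 1' \
    '$DefaultNetstreamDriver gtls' > "$demo_dir/right.conf"

for sample in absent wrong right; do
    printf '%s.conf: %s\n' "$sample" \
        "$(check_stream_driver_mode "$demo_dir/$sample.conf" 2>/dev/null)"
done
```

On a real host the arguments would be `/etc/rsyslog.conf /etc/rsyslog.d/*.conf`, the two locations the state output above touches.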

@ferricoxide ferricoxide requested a review from a team January 15, 2026 17:52
@ferricoxide ferricoxide merged commit 0dae9ce into plus3it:master Jan 15, 2026
10 checks passed
@ferricoxide ferricoxide deleted the Feature/Issue_556 branch January 15, 2026 19:49