It appears the requirement checks /etc/rsyslog.conf for an entry such as
*.* @*loghost.example.com*
or
*.* @@*loghost.example.com*
<ind:textfilecontent54_object id="oval:ssg:obj:1907" version="1">
<ind:path>/etc</ind:path>
<ind:filename>rsyslog.conf</ind:filename>
<ind:pattern operation="pattern match">^\*\.\*[\s]+(?:@|\:omrelp\:)</ind:pattern>
<ind:instance datatype="int">1</ind:instance>
</ind:textfilecontent54_object>
However, in my case, we utilize multiple .conf files under /etc/rsyslog.d
for destinations (log aggregators, etc.).
I'm guessing the SCAP software doesn't follow include directives?
_______________________________________________
scap-security-guide mailing list
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
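
An added example, not part of the original post or of the scap-security-guide content: it applies the pattern from the quoted OVAL object to /etc/rsyslog.conf alone and then again after following legacy `$IncludeConfig` globs, to show how a forwarding rule kept only in /etc/rsyslog.d escapes a single-file check. Assumptions: Python's `re` in multiline mode stands in for the scanner's regex engine, the function names are hypothetical, includes are followed one level only, and the sample tree is constructed.

```python
import glob
import os
import re
import tempfile

# Pattern copied from the OVAL object quoted in the post (oval:ssg:obj:1907).
FORWARD_RE = re.compile(r"^\*\.\*[\s]+(?:@|\:omrelp\:)", re.MULTILINE)
# Legacy rsyslog include directive, e.g. "$IncludeConfig /etc/rsyslog.d/*.conf".
INCLUDE_RE = re.compile(r"^\$IncludeConfig\s+(\S+)", re.MULTILINE)


def count_matches(path):
    """Number of lines in one file that satisfy the OVAL pattern."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return len(FORWARD_RE.findall(fh.read()))


def included_files(main_conf, root="/"):
    """Files named by $IncludeConfig globs in main_conf (one level only)."""
    with open(main_conf, encoding="utf-8", errors="replace") as fh:
        globs = INCLUDE_RE.findall(fh.read())
    files = []
    for pattern in globs:
        # Re-root absolute paths so the check can run against a scratch tree.
        files.extend(sorted(glob.glob(os.path.join(root, pattern.lstrip("/")))))
    return files


def audit(root="/"):
    """Return (matches in rsyslog.conf only, matches with includes followed)."""
    main_conf = os.path.join(root, "etc/rsyslog.conf")
    main_only = count_matches(main_conf)
    extra = sum(count_matches(f) for f in included_files(main_conf, root))
    return main_only, main_only + extra


def build_sample_tree():
    """Constructed sample: the forwarding rule lives only in a drop-in file."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "etc/rsyslog.d"))
    with open(os.path.join(root, "etc/rsyslog.conf"), "w") as fh:
        fh.write("$IncludeConfig /etc/rsyslog.d/*.conf\n*.info /var/log/messages\n")
    with open(os.path.join(root, "etc/rsyslog.d/forward.conf"), "w") as fh:
        fh.write("# constructed sample\n*.* @@loghost.example.com\n")
    return root


if __name__ == "__main__":
    print(audit(build_sample_tree()))
```

Calling `audit()` with no argument reads the real /etc tree; a first value of 0 with a second value above 0 means forwarding is configured only in included files.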