Re: [Open-scap] syslog-ng setting issue in debian 8

2018-08-29 Thread Watson Yuuma Sato

On 29/08/18 11:35, Dhanushka Parakrama wrote:

Hi Watson



On Wed, 29 Aug 2018 at 14:51, Watson Yuuma Sato wrote:


On 29/08/18 11:05, Dhanushka Parakrama wrote:

Hi  Team


Hello Dhanushka,

What version of SSG are you using?
This looks like a bug on 0.1.40 release: the package and service
names used in bash remediation for syslog-ng are different than
your commands; we use "syslogng" for package and service name.

Would you be willing to propose a fix for that?
These are the files that would need to be changed:

https://github.com/OpenSCAP/scap-security-guide/blob/master/debian8/templates/csv/packages_installed.csv

https://github.com/OpenSCAP/scap-security-guide/blob/master/debian8/templates/csv/services_enabled.csv

I have sent the Pull request for those files


Thanks, they have been merged.

Tip: as these changes were closely related they could have been done in 
the same PR, easier for submitter and reviewer.


Thanks again.




We have run the scan for debian 8 using below command

oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_anssi_np_nt28_high --report report.html ssg-debian8-ds.xml

Got alerts as below,
==
image.png


To fix it we ran the below commands as suggested by the report

* apt-get install syslog-ng-core

* systemctl status syslog-ng

● syslog-ng.service - System Logger Daemon
   Loaded: loaded (/lib/systemd/system/syslog-ng.service; enabled)
   Active: active (running) since Tue 2018-08-28 15:04:28 IST; 23h ago
     Docs: man:syslog-ng(8)
  Process: 16275 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
 Main PID: 14555 (syslog-ng)
   CGroup: /system.slice/syslog-ng.service
           └─14555 /usr/sbin/syslog-ng -F

Aug 28 15:04:28 oscapserver systemd[1]: Starting System Logger Daemon...
Aug 28 15:04:28 oscapserver systemd[1]: Started System Logger Daemon.
Aug 29 06:25:03 oscapserver systemd[1]: Reloading System Logger Daemon.
Aug 29 06:25:03 oscapserver systemd[1]: Reloaded System Logger Daemon.


But even after we ran the scan after fixing it, the report still shows as

Ensure syslog-ng is installed -> FAILED
Ensure Syslog-ng Service ->  FAILED


Is there any reason for that?


___
Open-scap-list mailing list
Open-scap-list@redhat.com 
https://www.redhat.com/mailman/listinfo/open-scap-list



-- 
Watson Sato

Security Technologies | Red Hat, Inc




--
Watson Sato
Security Technologies | Red Hat, Inc


Re: [Open-scap] syslog-ng setting issue in debian 8

2018-08-29 Thread Dhanushka Parakrama
Hi Watson



On Wed, 29 Aug 2018 at 14:51, Watson Yuuma Sato wrote:

> On 29/08/18 11:05, Dhanushka Parakrama wrote:
>
> Hi  Team
>
>
> Hello Dhanushka,
>
> What version of SSG are you using?
> This looks like a bug on 0.1.40 release: the package and service names
> used in bash remediation for syslog-ng are different than your commands; we
> use "syslogng" for package and service name.
>
> Would you be willing to propose a fix for that?
> These are the files that would need to be changed:
>
> https://github.com/OpenSCAP/scap-security-guide/blob/master/debian8/templates/csv/packages_installed.csv
>
> https://github.com/OpenSCAP/scap-security-guide/blob/master/debian8/templates/csv/services_enabled.csv
>
> I have sent the Pull request for those files

>
> We have run the scan for debian 8 using below command
>
> oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_anssi_np_nt28_high --report report.html ssg-debian8-ds.xml
>
> Got alerts as below,
> ==
> [image: image.png]
>
>
> To fix it we ran the below commands as suggested by the report
>
> * apt-get install syslog-ng-core
>
> * systemctl status syslog-ng
>
> ● syslog-ng.service - System Logger Daemon
>    Loaded: loaded (/lib/systemd/system/syslog-ng.service; enabled)
>    Active: active (running) since Tue 2018-08-28 15:04:28 IST; 23h ago
>      Docs: man:syslog-ng(8)
>   Process: 16275 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
>  Main PID: 14555 (syslog-ng)
>    CGroup: /system.slice/syslog-ng.service
>            └─14555 /usr/sbin/syslog-ng -F
>
> Aug 28 15:04:28 oscapserver systemd[1]: Starting System Logger Daemon...
> Aug 28 15:04:28 oscapserver systemd[1]: Started System Logger Daemon.
> Aug 29 06:25:03 oscapserver systemd[1]: Reloading System Logger Daemon.
> Aug 29 06:25:03 oscapserver systemd[1]: Reloaded System Logger Daemon.
>
>
> But even after we ran the scan after fixing it, the report still shows as
>
> Ensure syslog-ng is installed -> FAILED
> Ensure Syslog-ng Service ->  FAILED
>
>
> Is there any reason for that?
>
>
>
>
> --
> Watson Sato
> Security Technologies | Red Hat, Inc
>

Re: [Open-scap] syslog-ng setting issue in debian 8

2018-08-29 Thread Watson Yuuma Sato

On 29/08/18 11:05, Dhanushka Parakrama wrote:

Hi  Team


Hello Dhanushka,

What version of SSG are you using?
This looks like a bug on 0.1.40 release: the package and service names
used in bash remediation for syslog-ng are different than your commands;
we use "syslogng" for package and service name.


Would you be willing to propose a fix for that?
These are the files that would need to be changed:
https://github.com/OpenSCAP/scap-security-guide/blob/master/debian8/templates/csv/packages_installed.csv
https://github.com/OpenSCAP/scap-security-guide/blob/master/debian8/templates/csv/services_enabled.csv



We have run the scan for debian 8 using below command

oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_anssi_np_nt28_high --report report.html ssg-debian8-ds.xml


Got alerts as below,
==
image.png


To fix it we ran the below commands as suggested by the report

* apt-get install syslog-ng-core

* systemctl status syslog-ng

● syslog-ng.service - System Logger Daemon
   Loaded: loaded (/lib/systemd/system/syslog-ng.service; enabled)
   Active: active (running) since Tue 2018-08-28 15:04:28 IST; 23h ago
     Docs: man:syslog-ng(8)
  Process: 16275 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
 Main PID: 14555 (syslog-ng)
   CGroup: /system.slice/syslog-ng.service
           └─14555 /usr/sbin/syslog-ng -F

Aug 28 15:04:28 oscapserver systemd[1]: Starting System Logger Daemon...
Aug 28 15:04:28 oscapserver systemd[1]: Started System Logger Daemon.
Aug 29 06:25:03 oscapserver systemd[1]: Reloading System Logger Daemon.
Aug 29 06:25:03 oscapserver systemd[1]: Reloaded System Logger Daemon.


But even after we ran the scan after fixing it, the report still shows as

Ensure syslog-ng is installed -> FAILED
Ensure Syslog-ng Service ->  FAILED


Is there any reason for that?





--
Watson Sato
Security Technologies | Red Hat, Inc
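
The name mismatch described in this reply, as an added example that is not part of the original thread or of scap-security-guide: a shell helper that flags names a check looks for (such as "syslogng") that match no installed name exactly but resemble one once hyphens and underscores are ignored. The function names and both sample lists are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread or from scap-security-guide).
# Flags names used by a compliance check that do not exist on the system
# but resemble a real name once '-' and '_' are ignored.

# Constructed sample data: names a check looks for, and names present on a host.
SAMPLE_CHECKED='syslogng
cron'
SAMPLE_INSTALLED='cron
syslog-ng
syslog-ng-core
openssh-server'

# normalize NAME: lowercase, with '-' and '_' removed.
normalize() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | tr -d '_-'
}

# find_mismatches CHECKED INSTALLED (newline-separated lists).
# Prints "checked -> candidate" for each checked name that is absent from
# INSTALLED but whose normalized form is a prefix of a normalized installed name.
find_mismatches() {
    for c in $1; do
        # An exact match means the check can succeed; nothing to report.
        if printf '%s\n' "$2" | grep -qxF -- "$c"; then
            continue
        fi
        nc=$(normalize "$c")
        [ -n "$nc" ] || continue
        for i in $2; do
            case "$(normalize "$i")" in
                "$nc"*) printf '%s -> %s\n' "$c" "$i" ;;
            esac
        done
    done
}

find_mismatches "$SAMPLE_CHECKED" "$SAMPLE_INSTALLED"
```

On a Debian host the installed list can be taken from `dpkg-query -W -f='${Package}\n'` and the unit names from `systemctl list-unit-files --type=service`.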

[Open-scap] syslog-ng setting issue in debian 8

2018-08-29 Thread Dhanushka Parakrama
Hi  Team

We have run the scan for debian 8 using below command

oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_anssi_np_nt28_high --report report.html ssg-debian8-ds.xml

Got alerts as below,
==
[image: image.png]


To fix it we ran the below commands as suggested by the report

* apt-get install syslog-ng-core

* systemctl status syslog-ng

● syslog-ng.service - System Logger Daemon
   Loaded: loaded (/lib/systemd/system/syslog-ng.service; enabled)
   Active: active (running) since Tue 2018-08-28 15:04:28 IST; 23h ago
     Docs: man:syslog-ng(8)
  Process: 16275 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
 Main PID: 14555 (syslog-ng)
   CGroup: /system.slice/syslog-ng.service
           └─14555 /usr/sbin/syslog-ng -F

Aug 28 15:04:28 oscapserver systemd[1]: Starting System Logger Daemon...
Aug 28 15:04:28 oscapserver systemd[1]: Started System Logger Daemon.
Aug 29 06:25:03 oscapserver systemd[1]: Reloading System Logger Daemon.
Aug 29 06:25:03 oscapserver systemd[1]: Reloaded System Logger Daemon.


But even after we ran the scan after fixing it, the report still shows as

Ensure syslog-ng is installed -> FAILED
Ensure Syslog-ng Service ->  FAILED


Is there any reason for that?