Description
Describe the bug
cis-dil-benchmark-4.2.2.1 seems to simply be checking /etc/systemd/journald.conf with

describe parse_config_file('/etc/systemd/journald.conf') do
  its('Journal') { should include({ 'ForwardToSyslog' => 'yes' }) }
end

It’s saying we fail this test. However, as per recommendations I see online, we have a separate .conf file in /etc/systemd/journald.conf.d/ that contains:

[Journal]
ForwardToSyslog=true

So as far as I can tell, we do, in fact, have a proper setup, but the inspec report doesn’t see it. Every entry in the journald.conf file is commented out, but that seems to be standard practice. Uncommenting the line #ForwardToSyslog=yes and re-running an inspec run fixes the issue.
Expected behavior
The benchmark should scan /etc/systemd/journald.conf.d/ for custom configuration files since these override what's in /etc/systemd/journald.conf. It should read that configuration file and recognize that it satisfies the requirement.
Actual behavior
results [
0 {
code_desc | Parse Config File /etc/systemd/journald.conf Journal is expected to include {"ForwardToSyslog" => "yes"}
message | expected {} to include {"ForwardToSyslog" => "yes"} Diff: @@ -1,2 +1 @@ -"ForwardToSyslog" => "yes",
resource_class | parse_config_file
resource_params | ["/etc/systemd/journald.conf"]
run_time | 0.000724913
start_time | 2022-09-14T03:59:12+00:00
status | failed
}
]
Example code
Setup and how to replicate is described above.
OS / Environment
$ uname -rvmpis
Linux 5.4.0-1089-azure #94~18.04.1-Ubuntu SMP Fri Aug 5 12:34:50 UTC 2022 x86_64 x86_64 x86_64
Inspec Version
4.46.13
Baseline Version
https://github.com/dev-sec/cis-dil-benchmark/archive/master.zip
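
The behaviour the report asks for, as an added Ruby example (not code from cis-dil-benchmark or InSpec): merge /etc/systemd/journald.conf with the drop-ins under /etc/systemd/journald.conf.d/ in lexical order and accept any systemd boolean spelling for ForwardToSyslog. The function names, the `root` prefix and the sample file `10-syslog.conf` are assumptions made for illustration; drop-in directories outside /etc are not covered.

```ruby
require 'tmpdir'
require 'fileutils'

# Spellings systemd accepts for a true boolean (systemd.syntax(7)).
TRUE_VALUES = %w[1 yes true on].freeze

# Parse INI-style text into { 'Section' => { 'Key' => 'value' } }; comments are skipped.
def parse_ini(text)
  section = nil
  text.each_line.with_object(Hash.new { |h, k| h[k] = {} }) do |line, out|
    line = line.strip
    next if line.empty? || line.start_with?('#', ';')
    if (m = line.match(/\A\[(.+)\]\z/))
      section = m[1]
    elsif section && (m = line.match(/\A([^=\s]+)\s*=\s*(.*)\z/))
      out[section][m[1]] = m[2]
    end
  end
end

# Main file first, then drop-ins sorted by filename; a later file overrides an earlier one.
def effective_journald(root)
  files = [File.join(root, 'etc/systemd/journald.conf')]
  files += Dir.glob(File.join(root, 'etc/systemd/journald.conf.d/*.conf')).sort
  files.select { |f| File.file?(f) }.each_with_object({}) do |f, merged|
    parse_ini(File.read(f)).each { |sec, kv| (merged[sec] ||= {}).merge!(kv) }
  end
end

# Assumption: an unset key does not satisfy the control.
def forward_to_syslog?(root)
  value = effective_journald(root).dig('Journal', 'ForwardToSyslog').to_s.downcase
  TRUE_VALUES.include?(value)
end

# Constructed sample mirroring the report: main file commented out, drop-in sets the key.
def write_sample(root, dropin_value)
  dir = File.join(root, 'etc/systemd/journald.conf.d')
  FileUtils.mkdir_p(dir)
  File.write(File.join(root, 'etc/systemd/journald.conf'), "[Journal]\n#ForwardToSyslog=yes\n")
  File.write(File.join(dir, '10-syslog.conf'), "[Journal]\nForwardToSyslog=#{dropin_value}\n")
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |root|
    write_sample(root, 'true')
    puts forward_to_syslog?(root)
  end
end
```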