Remove package-07 test #149

@rndmh3ro

I propose to remove package-07 test:

control 'package-07' do
  impact 1.0
  title 'Install syslog server package'
  desc 'Syslog server is required to receive system and applications logs'
  # Fedora doesn't install with a syslogger out of the box and instead uses
  # systemd journal; as there is no affinity towards either rsyslog
  # or syslog-ng, we'll skip this check on Fedora hosts.
  only_if { os.name != 'fedora' && !container_execution }
  describe package(val_syslog_pkg) do
    it { should be_installed }
  end
end

Reasons:

  • Most modern OSes use journald instead of syslog now
  • Merely having syslog installed does not provide any additional security. Logs should be sent to another system to make them tamper-proof. If they only exist on the server where they originated, an attacker can easily alter them.
  • Since there are a myriad of options available to send logs to other systems, I see no easy and reliable way to test whether logs are sent to another system.
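
Added example, not part of the original issue or the project's baseline: a plain-Ruby check that looks for off-host forwarding rules in rsyslog configuration text, which is the property the second reason cares about rather than package presence. The function names and the sample configuration are constructed for illustration, and only rsyslog's legacy `@`/`@@` syntax and `omfwd` actions are covered; syslog-ng, journald-based shipping and third-party agents are not.

```ruby
# Constructed sample configuration (hypothetical hosts), not taken from a real system.
SAMPLE_RSYSLOG_CONF = <<~CONF
  # local files only
  auth,authpriv.*    /var/log/auth.log
  # *.* @@old-collector.example:514
  *.*  @@logs.example.internal:6514
  kern.* @10.0.0.5
  action(type="omfwd" target="siem.example.internal" port="514" protocol="tcp")
  action(type="omfile" file="/var/log/messages")
CONF

LOOPBACK = %w[127.0.0.1 localhost ::1 [::1]].freeze

# Returns one hash per forwarding rule: { target:, port:, protocol: }.
def rsyslog_remote_targets(conf)
  # Drop comments first so commented-out forwarders are not counted.
  text = conf.each_line.map { |l| l.sub(/#.*/, '') }.join
  targets = []

  # Legacy syntax: "<selector> @host[:port]" (UDP) or "@@host[:port]" (TCP).
  text.each_line do |line|
    m = line.strip.match(/\A\S+\s+(@{1,2})(\[[^\]]+\]|[^\s:]+)(?::(\d+))?\z/)
    next unless m
    targets << { target: m[2], port: (m[3] || '514').to_i,
                 protocol: m[1] == '@@' ? 'tcp' : 'udp' }
  end

  # RainerScript syntax: action(type="omfwd" target="..." ...), may span lines.
  text.scan(/\baction\s*\((.*?)\)/m) do |(body)|
    params = body.scan(/(\w+)\s*=\s*"([^"]*)"/).to_h { |k, v| [k.downcase, v] }
    next unless params['type'].to_s.downcase == 'omfwd' && params['target']
    targets << { target: params['target'], port: (params['port'] || '514').to_i,
                 protocol: (params['protocol'] || 'udp').downcase }
  end
  targets
end

# True only when at least one rule sends logs to a non-loopback destination.
def forwards_off_host?(conf)
  rsyslog_remote_targets(conf).any? { |t| !LOOPBACK.include?(t[:target].downcase) }
end

if __FILE__ == $PROGRAM_NAME
  rsyslog_remote_targets(SAMPLE_RSYSLOG_CONF).each { |t| puts t.inspect }
  puts "forwards off host: #{forwards_off_host?(SAMPLE_RSYSLOG_CONF)}"
end
```

A configured forwarder only shows intent: it does not prove the collector is reachable or that it accepts the messages.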
