From b38f6629ee59b6531d8c4be1cb31e83b5dfde54c Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Fri, 11 Sep 2020 15:51:24 +0200
Subject: [PATCH 1/2] add ocil
---
.../rsyslog_nolisten/rule.yml | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml b/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml
index 6785ebcc86..6a3495f80e 100644
--- a/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml
+++ b/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml
@@ -41,3 +41,16 @@ references:
cis-csc: 1,11,12,13,14,15,16,18,3,4,5,6,8,9
stigid@rhel7: RHEL-07-031010
cis@rhel8: 4.2.1.6
+
+ocil_clause: "rsyslog accepts remote messages"
+
+ocil: |-
+ Display the contents of the configuration file:
+ <pre>cat /etc/rsyslog.conf</pre>
+ Make sure that following lines are not present in the configuration:
+ <pre>$ModLoad imtcp
+ $InputTCPServerRun <i>port</i>
+ $ModLoad imudp
+ $UDPServerRun <i>port</i>
+ $ModLoad imrelp
+ $InputRELPServerRun <i>port</i></pre>
From 6959ddb2dbc12d4fa2ff7f6ee9e71820d5dde0f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matej.tyc@gmail.com>
Date: Wed, 16 Sep 2020 11:58:21 +0200
Subject: [PATCH 2/2] Fix text according to review feedback
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: Jan Černý <jcerny@redhat.com>
---
.../rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml b/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml
index 6a3495f80e..f529cbca89 100644
--- a/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml
+++ b/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml
@@ -47,7 +47,7 @@ ocil_clause: "rsyslog accepts remote messages"
ocil: |-
Display the contents of the configuration file:
<pre>cat /etc/rsyslog.conf</pre>
- Make sure that following lines are not present in the configuration:
+ Make sure that the following lines are not present in the output:
<pre>$ModLoad imtcp
$InputTCPServerRun <i>port</i>
$ModLoad imudp