From b38f6629ee59b6531d8c4be1cb31e83b5dfde54c Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Fri, 11 Sep 2020 15:51:24 +0200
Subject: [PATCH 1/2] add ocil

---
 .../rsyslog_nolisten/rule.yml                       | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml b/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml
index 6785ebcc86..6a3495f80e 100644
--- a/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml
+++ b/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml
@@ -41,3 +41,16 @@ references:
     cis-csc: 1,11,12,13,14,15,16,18,3,4,5,6,8,9
     stigid@rhel7: RHEL-07-031010
     cis@rhel8: 4.2.1.6
+
+ocil_clause: "rsyslog accepts remote messages"
+
+ocil: |-
+    Display the contents of the configuration file:
+    <pre>cat /etc/rsyslog.conf</pre>
+    Make sure that following lines are not present in the configuration:
+    <pre>$ModLoad imtcp
+    $InputTCPServerRun <i>port</i>
+    $ModLoad imudp
+    $UDPServerRun <i>port</i>
+    $ModLoad imrelp
+    $InputRELPServerRun <i>port</i></pre>

From 6959ddb2dbc12d4fa2ff7f6ee9e71820d5dde0f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matej.tyc@gmail.com>
Date: Wed, 16 Sep 2020 11:58:21 +0200
Subject: [PATCH 2/2] Fix text according to review feedback
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Jan Černý <jcerny@redhat.com>
---
 .../rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml b/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml
index 6a3495f80e..f529cbca89 100644
--- a/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml
+++ b/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml
@@ -47,7 +47,7 @@ ocil_clause: "rsyslog accepts remote messages"
 ocil: |-
     Display the contents of the configuration file:
     <pre>cat /etc/rsyslog.conf</pre>
-    Make sure that following lines are not present in the configuration:
+    Make sure that the following lines are not present in the output:
     <pre>$ModLoad imtcp
     $InputTCPServerRun <i>port</i>
     $ModLoad imudp