Describe the Issue
The playbook has the option to specify whether the host is a log server or not (ubtu22cis_system_is_log_server), which is good. However, there is no option to specify the host just keeping logs locally. This affects the settings it configures in /etc/rsyslog.conf and causes an audit to fail as it finds those lines in the file.
Expected Behavior
The following lines should either not appear or be commented out if the host is keeping logs to itself.
$ModLoad imtcp
$InputTCPServerRun port
$ModLoad imudp
$UDPServerRun port
$ModLoad imrelp
$InputRELPServerRun port
Actual Behavior
The host is setting up ports to listen on.
Control(s) Affected
4.2.2.6 and 4.2.2.7
Possible Solution
Add another variable option for when host keeps logs itself. That way rsyslog can be configured to not be listening on any ports. Then add a task that comments out those lines if that variable is set.
Thank you for taking the time to raise the issues and provide the feedback. For this issue regarding rsyslog, we follow the CIS control rules, and keeping logs locally is not one of the options to be compliant, I'm afraid. Although you have highlighted some options that they have not yet updated in their documentation. I am currently adding these as options to ensure they are commented out.
This will hopefully be in the devel branch soon.
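The check and fix discussed in this thread, as an added example that is not the playbook's own code: it finds active listener directives in an rsyslog config and comments them out. The function names and the sample file are constructed for illustration, and the `module(...)`/`input(...)` patterns go beyond the legacy directives listed in the issue to cover the same listeners in rsyslog's newer syntax.

```shell
#!/bin/sh
# Added example: audit and remediate rsyslog listener directives.
# Matches only lines that are not already commented out. Covers the legacy
# directives from the issue plus the RainerScript forms (an addition here).
LISTENER_RE='^[[:space:]]*(\$ModLoad[[:space:]]+im(tcp|udp|relp)|\$(InputTCPServerRun|UDPServerRun|InputRELPServerRun)[[:space:]]|(module\(load|input\(type)="im(tcp|udp|relp)")'

# Print active listener lines as "file:line:text"; exit status 0 if any exist.
# The extra /dev/null operand makes grep always print the file name.
find_listeners() {
    grep -En "$LISTENER_RE" "$@" /dev/null
}

# Comment out active listener lines in place, keeping a .bak copy of each file.
disable_listeners() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        sed -E -i.bak "s/${LISTENER_RE}/# &/" "$f"
    done
}

# Constructed sample config (not taken from a real host).
write_sample() {
    cat > "$1" <<'EOF'
$ModLoad imuxsock
$ModLoad imtcp
$InputTCPServerRun 514
  $ModLoad imudp
$UDPServerRun 514
#$ModLoad imrelp
module(load="imtcp")
input(type="imtcp" port="514")
*.* action(type="omfile" file="/var/log/all.log")
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    write_sample "$tmp/rsyslog.conf"
    echo "active listeners before:"; find_listeners "$tmp/rsyslog.conf"
    disable_listeners "$tmp/rsyslog.conf"
    echo "active listeners after:"
    find_listeners "$tmp/rsyslog.conf" || echo "none"
    rm -rf "$tmp"
}
demo
```

On a real host the same functions would be pointed at /etc/rsyslog.conf and /etc/rsyslog.d/*.conf, followed by an rsyslog restart.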