Merge pull request #12852 from ericeberry/u2404_61212

Ubuntu 24.04 6.1.2.1.2 Ensure systemd-journal-upload authentication

controls/cis_ubuntu2404.yml

@@ -2300,7 +2300,10 @@ controls:
     levels:
       - l1_server
       - l1_workstation
-    status: manual
+    rules:
+      - systemd_journal_upload_server_tls
+      - systemd_journal_upload_url
+    status: automated
 
   - id: 6.1.2.1.3
     title: Ensure systemd-journal-upload is enabled and active (Automated)

linux_os/guide/system/logging/journald/systemd_journal_upload_server_tls/bash/shared.sh

@@ -1,10 +1,23 @@
-# platform = multi_platform_slmicro
+# platform = multi_platform_slmicro,multi_platform_ubuntu
+
+{{% if 'ubuntu' in product %}}
+var_journal_upload_conf_file=/etc/systemd/journal-upload.conf.d/60-journald_upload.conf
+mkdir -p /etc/systemd/journal-upload.conf.d
+touch /etc/systemd/journal-upload.conf.d/60-journald_upload.conf
+
+{{{ bash_comment_config_line("/etc/systemd/journal-upload.conf(\.d/[^/]+\.conf)", '^ServerKeyFile') }}}
+{{{ bash_comment_config_line("/etc/systemd/journal-upload.conf(\.d/[^/]+\.conf)", '^ServerCertificateFile') }}}
+{{{ bash_comment_config_line("/etc/systemd/journal-upload.conf(\.d/[^/]+\.conf)", '^TrustedCertificateFile') }}}
+{{% else %}}
+var_journal_upload_conf_file=/etc/systemd/journal-upload.conf
+{{% endif %}}
 
 {{{ bash_instantiate_variables("var_journal_upload_server_key_file") }}}
-{{{ bash_replace_or_append('/etc/systemd/journal-upload.conf', '^ServerKeyFile', "$var_journal_upload_server_key_file", '%s=%s') }}}
+{{{ bash_replace_or_append('$var_journal_upload_conf_file', '^ServerKeyFile', "$var_journal_upload_server_key_file", '%s=%s') }}}
 
 {{{ bash_instantiate_variables("var_journal_upload_server_certificate_file") }}}
-{{{ bash_replace_or_append('/etc/systemd/journal-upload.conf', '^ServerCertificateFile', "$var_journal_upload_server_certificate_file", '%s=%s') }}}
+{{{ bash_replace_or_append('$var_journal_upload_conf_file', '^ServerCertificateFile', "$var_journal_upload_server_certificate_file", '%s=%s') }}}
 
 {{{ bash_instantiate_variables("var_journal_upload_server_trusted_certificate_file") }}}
-{{{ bash_replace_or_append('/etc/systemd/journal-upload.conf', '^TrustedCertificateFile', "$var_journal_upload_server_trusted_certificate_file", '%s=%s') }}}
+{{{ bash_replace_or_append('$var_journal_upload_conf_file', '^TrustedCertificateFile', "$var_journal_upload_server_trusted_certificate_file", '%s=%s') }}}
+

linux_os/guide/system/logging/journald/systemd_journal_upload_server_tls/oval/shared.xml

@@ -20,7 +20,7 @@
   </ind:textfilecontent54_test>
 
   <ind:textfilecontent54_object id="object_systemd_journal_upload_server_key_file" version="2">
-    <ind:filepath>/etc/systemd/journal-upload.conf</ind:filepath>
+    <ind:filepath operation="pattern match">^/etc/systemd/journal-upload.conf(\.d/[^/]+\.conf)?$</ind:filepath>
     <ind:pattern operation="pattern match">^\s*ServerKeyFile\s*=\s*(.*)\s*$</ind:pattern>
     <ind:instance datatype="int">1</ind:instance>
   </ind:textfilecontent54_object>
@@ -39,7 +39,7 @@
   </ind:textfilecontent54_test>
 
   <ind:textfilecontent54_object id="object_systemd_journal_upload_server_certificate_file" version="2">
-    <ind:filepath>/etc/systemd/journal-upload.conf</ind:filepath>
+    <ind:filepath operation="pattern match">^/etc/systemd/journal-upload.conf(\.d/[^/]+\.conf)?$</ind:filepath>
     <ind:pattern operation="pattern match">^\s*ServerCertificateFile\s*=\s*(.*)\s*$</ind:pattern>
     <ind:instance datatype="int">1</ind:instance>
   </ind:textfilecontent54_object>
@@ -58,7 +58,7 @@
   </ind:textfilecontent54_test>
 
   <ind:textfilecontent54_object id="object_systemd_journal_upload_server_trusted_certificate_file" version="2">
-    <ind:filepath>/etc/systemd/journal-upload.conf</ind:filepath>
+    <ind:filepath operation="pattern match">^/etc/systemd/journal-upload.conf(\.d/[^/]+\.conf)?$</ind:filepath>
     <ind:pattern operation="pattern match">^\s*TrustedCertificateFile\s*=\s*(.*)\s*$</ind:pattern>
     <ind:instance datatype="int">1</ind:instance>
   </ind:textfilecontent54_object>

linux_os/guide/system/logging/journald/systemd_journal_upload_server_tls/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-title: 'Configure systemd-journal-upload TLS parameters: ServerKeyFile,ServerCertificateFile and TrustedCertificateFile'
+title: 'Configure systemd-journal-upload TLS parameters: ServerKeyFile, ServerCertificateFile and TrustedCertificateFile'
 
 description: |-
     {{{ full_name }}} must offload rsyslog messages for networked systems in real time and
@@ -22,7 +22,7 @@ ocil_clause: 'systemd-journal-upload TLS configuration is missing or commented i
 
 ocil: |-
     To ensure logs are sent securely to a remote host, examine the file
-    <tt>/etc/systemd/journal-upload.conf</tt>.
+    <tt>/etc/systemd/journal-upload.conf(.d/*.conf)</tt>.
     ServerKeyFile should be present:
     <pre>ServerKeyFile={{{ xccdf_value("var_journal_upload_server_key_file") }}}</pre>
     ServerCertificateFile should be present:

linux_os/guide/system/logging/journald/systemd_journal_upload_server_tls/tests/empty-conf-file.fail.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+# packages = systemd-journal-remote
+# variables = var_journal_upload_server_key_file=/etc/ssl/private/journal-upload.pem,var_journal_upload_server_certificate_file=/etc/ssl/certs/journal-upload.pem,var_journal_upload_server_trusted_certificate_file=/etc/ssl/ca/trusted.pem
+
+{{{ bash_comment_config_line("/etc/systemd/journal-upload.conf(\.d/[^/]+\.conf)", '^ServerKeyFile') }}}
+{{{ bash_comment_config_line("/etc/systemd/journal-upload.conf(\.d/[^/]+\.conf)", '^ServerCertificateFile') }}}
+{{{ bash_comment_config_line("/etc/systemd/journal-upload.conf(\.d/[^/]+\.conf)", '^TrustedCertificateFile') }}}
+

linux_os/guide/system/logging/journald/systemd_journal_upload_server_tls/tests/journald-conf-d.pass.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+# packages = systemd-journal-remote
+# platform = multi_platform_ubuntu
+# variables = var_journal_upload_server_key_file=/etc/ssl/private/journal-upload.pem,var_journal_upload_server_certificate_file=/etc/ssl/certs/journal-upload.pem,var_journal_upload_server_trusted_certificate_file=/etc/ssl/ca/trusted.pem
+
+a_settings=("URL=192.168.50.42" "ServerKeyFile=/etc/ssl/private/journal-upload.pem" \
+    "ServerCertificateFile=/etc/ssl/certs/journal-upload.pem" "TrustedCertificateFile=/etc/ssl/ca/trusted.pem")
+[ ! -d /etc/systemd/journal-upload.conf.d/ ] && mkdir /etc/systemd/journal-upload.conf.d/
+if grep -Psq -- '^\h*\[Upload\]' /etc/systemd/journal-upload.conf.d/60-journald_upload.conf; then
+    printf '%s\n' "" "${a_settings[@]}" >> /etc/systemd/journal-upload.conf.d/60-journald_upload.conf
+else
+    printf '%s\n' "" "[Upload]" "${a_settings[@]}" >> /etc/systemd/journal-upload.conf.d/60-journald_upload.conf
+fi

linux_os/guide/system/logging/journald/systemd_journal_upload_server_tls/tests/journald-conf-mixed.fail.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+# packages = systemd-journal-remote
+# platform = multi_platform_ubuntu
+# variables = var_journal_upload_server_key_file=/etc/ssl/private/journal-upload.pem,var_journal_upload_server_certificate_file=/etc/ssl/certs/journal-upload.pem,var_journal_upload_server_trusted_certificate_file=/etc/ssl/ca/trusted.pem
+
+a_settings=("URL=192.168.50.42" "ServerKeyFile=/etc/ssl/private/journal-upload1.pem" \
+    "ServerCertificateFile=/etc/ssl/certs/journal-upload1.pem" "TrustedCertificateFile=/etc/ssl/ca/trusted1.pem")
+[ ! -d /etc/systemd/journal-upload.conf.d/ ] && mkdir /etc/systemd/journal-upload.conf.d/
+if grep -Psq -- '^\h*\[Upload\]' /etc/systemd/journal-upload.conf.d/60-journald_upload.conf; then
+    printf '%s\n' "" "${a_settings[@]}" >> /etc/systemd/journal-upload.conf.d/60-journald_upload.conf
+else
+    printf '%s\n' "" "[Upload]" "${a_settings[@]}" >> /etc/systemd/journal-upload.conf.d/60-journald_upload.conf
+fi
+
+a_settings1=("URL=192.168.50.42" "ServerKeyFile=/etc/ssl/private/journal-upload.pem" \
+    "ServerCertificateFile=/etc/ssl/certs/journal-upload.pem" "TrustedCertificateFile=/etc/ssl/ca/trusted.pem")
+if grep -Psq -- '^\h*\[Upload\]' /etc/systemd/journal-upload.conf; then
+    printf '%s\n' "" "${a_settings1[@]}" >> /etc/systemd/journal-upload.conf
+else
+    printf '%s\n' "" "[Upload]" "${a_settings1[@]}" >> /etc/systemd/journal-upload.conf
+fi

linux_os/guide/system/logging/journald/systemd_journal_upload_server_tls/tests/journald-conf-servercert-missing.fail.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+# packages = systemd-journal-remote
+# platform = multi_platform_ubuntu
+# variables = var_journal_upload_server_key_file=/etc/ssl/private/journal-upload.pem,var_journal_upload_server_certificate_file=/etc/ssl/certs/journal-upload.pem,var_journal_upload_server_trusted_certificate_file=/etc/ssl/ca/trusted.pem
+
+a_settings=("URL=192.168.50.42" "ServerKeyFile=/etc/ssl/private/journal-upload.pem" \
+     "TrustedCertificateFile=/etc/ssl/ca/trusted.pem")
+[ ! -d /etc/systemd/journal-upload.conf.d/ ] && mkdir /etc/systemd/journal-upload.conf.d/
+if grep -Psq -- '^\h*\[Upload\]' /etc/systemd/journal-upload.conf.d/60-journald_upload.conf; then
+    printf '%s\n' "" "${a_settings[@]}" >> /etc/systemd/journal-upload.conf.d/60-journald_upload.conf
+else
+    printf '%s\n' "" "[Upload]" "${a_settings[@]}" >> /etc/systemd/journal-upload.conf.d/60-journald_upload.conf
+fi

linux_os/guide/system/logging/journald/systemd_journal_upload_server_tls/tests/journald-conf-servercert.fail.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+# packages = systemd-journal-remote
+# platform = multi_platform_ubuntu
+# variables = var_journal_upload_server_key_file=/etc/ssl/private/journal-upload.pem,var_journal_upload_server_certificate_file=/etc/ssl/certs/journal-upload.pem,var_journal_upload_server_trusted_certificate_file=/etc/ssl/ca/trusted.pem
+
+a_settings=("URL=192.168.50.42" "ServerKeyFile=/etc/ssl/private/journal-upload.pem" \
+    "ServerCertificateFile=/etc/ssl/certs/journal-upload1.pem" "TrustedCertificateFile=/etc/ssl/ca/trusted.pem")
+[ ! -d /etc/systemd/journal-upload.conf.d/ ] && mkdir /etc/systemd/journal-upload.conf.d/
+if grep -Psq -- '^\h*\[Upload\]' /etc/systemd/journal-upload.conf.d/60-journald_upload.conf; then
+    printf '%s\n' "" "${a_settings[@]}" >> /etc/systemd/journal-upload.conf.d/60-journald_upload.conf
+else
+    printf '%s\n' "" "[Upload]" "${a_settings[@]}" >> /etc/systemd/journal-upload.conf.d/60-journald_upload.conf
+fi

linux_os/guide/system/logging/journald/systemd_journal_upload_server_tls/tests/journald-conf-serverkey-missing.fail sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+# packages = systemd-journal-remote
+# platform = multi_platform_ubuntu
+# variables = var_journal_upload_server_key_file=/etc/ssl/private/journal-upload.pem,var_journal_upload_server_certificate_file=/etc/ssl/certs/journal-upload.pem,var_journal_upload_server_trusted_certificate_file=/etc/ssl/ca/trusted.pem
+
+a_settings=("URL=192.168.50.42"  \
+    "ServerCertificateFile=/etc/ssl/certs/journal-upload.pem" "TrustedCertificateFile=/etc/ssl/ca/trusted.pem")
+[ ! -d /etc/systemd/journal-upload.conf.d/ ] && mkdir /etc/systemd/journal-upload.conf.d/
+if grep -Psq -- '^\h*\[Upload\]' /etc/systemd/journal-upload.conf.d/60-journald_upload.conf; then
+    printf '%s\n' "" "${a_settings[@]}" >> /etc/systemd/journal-upload.conf.d/60-journald_upload.conf
+else
+    printf '%s\n' "" "[Upload]" "${a_settings[@]}" >> /etc/systemd/journal-upload.conf.d/60-journald_upload.conf
+fi

linux_os/guide/system/logging/journald/systemd_journal_upload_server_tls/tests/journald-conf-serverkey.fail sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+# packages = systemd-journal-remote
+# platform = multi_platform_ubuntu
+# variables = var_journal_upload_server_key_file=/etc/ssl/private/journal-upload.pem,var_journal_upload_server_certificate_file=/etc/ssl/certs/journal-upload.pem,var_journal_upload_server_trusted_certificate_file=/etc/ssl/ca/trusted.pem
+
+a_settings=("URL=192.168.50.42" "ServerKeyFile=/etc/ssl/private/journal-upload1.pem" \
+    "ServerCertificateFile=/etc/ssl/certs/journal-upload.pem" "TrustedCertificateFile=/etc/ssl/ca/trusted.pem")
+[ ! -d /etc/systemd/journal-upload.conf.d/ ] && mkdir /etc/systemd/journal-upload.conf.d/
+if grep -Psq -- '^\h*\[Upload\]' /etc/systemd/journal-upload.conf.d/60-journald_upload.conf; then
+    printf '%s\n' "" "${a_settings[@]}" >> /etc/systemd/journal-upload.conf.d/60-journald_upload.conf
+else
+    printf '%s\n' "" "[Upload]" "${a_settings[@]}" >> /etc/systemd/journal-upload.conf.d/60-journald_upload.conf
+fi

linux_os/guide/system/logging/journald/systemd_journal_upload_server_tls/tests/journald-conf-trustedcert-missing.fail.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+# packages = systemd-journal-remote
+# platform = multi_platform_ubuntu
+# variables = var_journal_upload_server_key_file=/etc/ssl/private/journal-upload.pem,var_journal_upload_server_certificate_file=/etc/ssl/certs/journal-upload.pem,var_journal_upload_server_trusted_certificate_file=/etc/ssl/ca/trusted.pem
+
+a_settings=("URL=192.168.50.42" "ServerKeyFile=/etc/ssl/private/journal-upload.pem" \
+    "ServerCertificateFile=/etc/ssl/certs/journal-upload.pem")
+[ ! -d /etc/systemd/journal-upload.conf.d/ ] && mkdir /etc/systemd/journal-upload.conf.d/
+if grep -Psq -- '^\h*\[Upload\]' /etc/systemd/journal-upload.conf.d/60-journald_upload.conf; then
+    printf '%s\n' "" "${a_settings[@]}" >> /etc/systemd/journal-upload.conf.d/60-journald_upload.conf
+else
+    printf '%s\n' "" "[Upload]" "${a_settings[@]}" >> /etc/systemd/journal-upload.conf.d/60-journald_upload.conf
+fi

linux_os/guide/system/logging/journald/systemd_journal_upload_server_tls/tests/journald-conf-trustedcert.fail.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+# packages = systemd-journal-remote
+# platform = multi_platform_ubuntu
+# variables = var_journal_upload_server_key_file=/etc/ssl/private/journal-upload.pem,var_journal_upload_server_certificate_file=/etc/ssl/certs/journal-upload.pem,var_journal_upload_server_trusted_certificate_file=/etc/ssl/ca/trusted.pem
+
+a_settings=("URL=192.168.50.42" "ServerKeyFile=/etc/ssl/private/journal-upload.pem" \
+    "ServerCertificateFile=/etc/ssl/certs/journal-upload.pem" "TrustedCertificateFile=/etc/ssl/ca/trusted1.pem")
+[ ! -d /etc/systemd/journal-upload.conf.d/ ] && mkdir /etc/systemd/journal-upload.conf.d/
+if grep -Psq -- '^\h*\[Upload\]' /etc/systemd/journal-upload.conf.d/60-journald_upload.conf; then
+    printf '%s\n' "" "${a_settings[@]}" >> /etc/systemd/journal-upload.conf.d/60-journald_upload.conf
+else
+    printf '%s\n' "" "[Upload]" "${a_settings[@]}" >> /etc/systemd/journal-upload.conf.d/60-journald_upload.conf
+fi

linux_os/guide/system/logging/journald/systemd_journal_upload_server_tls/tests/journald-conf.pass.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+# packages = systemd-journal-remote
+# variables = var_journal_upload_server_key_file=/etc/ssl/private/journal-upload.pem,var_journal_upload_server_certificate_file=/etc/ssl/certs/journal-upload.pem,var_journal_upload_server_trusted_certificate_file=/etc/ssl/ca/trusted.pem
+
+a_settings=("URL=192.168.50.42" "ServerKeyFile=/etc/ssl/private/journal-upload.pem" \
+    "ServerCertificateFile=/etc/ssl/certs/journal-upload.pem" "TrustedCertificateFile=/etc/ssl/ca/trusted.pem")
+[ ! -f /etc/systemd/journal-upload.conf/ ] && touch /etc/systemd/journal-upload.conf
+if grep -Psq -- '^\h*\[Upload\]' /etc/systemd/journal-upload.conf; then
+    printf '%s\n' "" "${a_settings[@]}" >> /etc/systemd/journal-upload.conf
+else
+    printf '%s\n' "" "[Upload]" "${a_settings[@]}" >> /etc/systemd/journal-upload.conf
+fi

linux_os/guide/system/logging/journald/systemd_journal_upload_url/bash/shared.sh

@@ -1,4 +1,15 @@
-# platform = multi_platform_slmicro
+# platform = multi_platform_slmicro,multi_platform_ubuntu
+
+{{% if 'ubuntu' in product %}}
+var_journal_upload_conf_file=/etc/systemd/journal-upload.conf.d/60-journald_upload.conf
+mkdir -p /etc/systemd/journal-upload.conf.d
+touch /etc/systemd/journal-upload.conf.d/60-journald_upload.conf
+
+{{{ bash_comment_config_line("/etc/systemd/journal-upload.conf(\.d/[^/]+\.conf)", '^URL') }}}
+{{% else %}}
+var_journal_upload_conf_file=/etc/systemd/journal-upload.conf
+{{% endif %}}
 
 {{{ bash_instantiate_variables("var_journal_upload_url") }}}
-{{{ bash_replace_or_append('/etc/systemd/journal-upload.conf', '^URL', "$var_journal_upload_url", '%s=%s') }}}
+{{{ bash_replace_or_append('$var_journal_upload_conf_file', '^URL', "$var_journal_upload_url", '%s=%s') }}}
+

linux_os/guide/system/logging/journald/systemd_journal_upload_url/oval/shared.xml

@@ -13,7 +13,7 @@
   </ind:textfilecontent54_test>
 
   <ind:textfilecontent54_object id="object_test_systemd_journal_upload_url" version="2">
-    <ind:filepath>/etc/systemd/journal-upload.conf</ind:filepath>
+    <ind:filepath operation="pattern match">^/etc/systemd/journal-upload.conf(\.d/[^/]+\.conf)?$</ind:filepath>
     <ind:pattern operation="pattern match">^\s*URL\s*=\s*(.*)\s*$</ind:pattern>
     <ind:instance datatype="int">1</ind:instance>
   </ind:textfilecontent54_object>

linux_os/guide/system/logging/journald/systemd_journal_upload_url/rule.yml

@@ -23,9 +23,9 @@ ocil_clause: 'systemd-journal-upload URL is missing or commented in /etc/systemd
 
 ocil: |-
     To ensure logs are sent to a remote host, examine the file
-    <tt>/etc/systemd/journal-upload.conf</tt>.
+    <tt>/etc/systemd/journal-upload.conf(.d/*.conf)</tt>.
     URL should be present:
     <pre>URL={{{ xccdf_value("var_journal_upload_url") }}}</pre>
 
 fixtext: |-
-    Configure systemd-journal-upload URL to {{{ xccdf_value("var_journal_upload_url") }}}
+   Configure systemd-journal-upload URL to {{{ xccdf_value("var_journal_upload_url") }}}

linux_os/guide/system/logging/journald/systemd_journal_upload_url/tests/empty-conf-file-url.fail.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+# packages = systemd-journal-remote
+# variables = var_journal_upload_url=192.168.50.42
+
+{{{ bash_comment_config_line("/etc/systemd/journal-upload.conf(\.d/[^/]+\.conf)", '^URL') }}}
+

linux_os/guide/system/logging/journald/systemd_journal_upload_url/tests/journald-conf-d-url.pass.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+# packages = systemd-journal-remote
+# platform = multi_platform_ubuntu
+# variables = var_journal_upload_url=192.168.50.42
+
+a_settings=("URL=192.168.50.42" "ServerKeyFile=/etc/ssl/private/journal-upload.pem" \
+    "ServerCertificateFile=/etc/ssl/certs/journal-upload.pem" "TrustedCertificateFile=/etc/ssl/ca/trusted.pem")
+[ ! -d /etc/systemd/journal-upload.conf.d/ ] && mkdir /etc/systemd/journal-upload.conf.d/
+if grep -Psq -- '^\h*\[Upload\]' /etc/systemd/journal-upload.conf.d/60-journald_upload.conf; then
+    printf '%s\n' "" "${a_settings[@]}" >> /etc/systemd/journal-upload.conf.d/60-journald_upload.conf
+else
+    printf '%s\n' "" "[Upload]" "${a_settings[@]}" >> /etc/systemd/journal-upload.conf.d/60-journald_upload.conf
+fi

linux_os/guide/system/logging/journald/systemd_journal_upload_url/tests/journald-conf-mixed-url.fail.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+# packages = systemd-journal-remote
+# platform = multi_platform_ubuntu
+# variables = var_journal_upload_url=192.168.50.42
+
+a_settings=("URL=192.168.50.41" "ServerKeyFile=/etc/ssl/private/journal-upload.pem" \
+    "ServerCertificateFile=/etc/ssl/certs/journal-upload.pem" "TrustedCertificateFile=/etc/ssl/ca/trusted.pem")
+[ ! -d /etc/systemd/journal-upload.conf.d/ ] && mkdir /etc/systemd/journal-upload.conf.d/
+if grep -Psq -- '^\h*\[Upload\]' /etc/systemd/journal-upload.conf.d/60-journald_upload.conf; then
+    printf '%s\n' "" "${a_settings[@]}" >> /etc/systemd/journal-upload.conf.d/60-journald_upload.conf
+else
+    printf '%s\n' "" "[Upload]" "${a_settings[@]}" >> /etc/systemd/journal-upload.conf.d/60-journald_upload.conf
+fi
+
+a_settings1=("URL=192.168.50.42" "ServerKeyFile=/etc/ssl/private/journal-upload.pem" \
+    "ServerCertificateFile=/etc/ssl/certs/journal-upload.pem" "TrustedCertificateFile=/etc/ssl/ca/trusted.pem")
+if grep -Psq -- '^\h*\[Upload\]' /etc/systemd/journal-upload.conf; then
+    printf '%s\n' "" "${a_settings1[@]}" >> /etc/systemd/journal-upload.conf
+else
+    printf '%s\n' "" "[Upload]" "${a_settings1[@]}" >> /etc/systemd/journal-upload.conf
+fi

linux_os/guide/system/logging/journald/systemd_journal_upload_url/tests/journald-conf-url-missing.fail.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+# packages = systemd-journal-remote
+# platform = multi_platform_ubuntu
+# variables = var_journal_upload_url=192.168.50.42
+
+a_settings=("ServerKeyFile=/etc/ssl/private/journal-upload.pem" \
+     "ServerCertificateFile=/etc/ssl/certs/journal-upload.pem" "TrustedCertificateFile=/etc/ssl/ca/trusted.pem")
+[ ! -d /etc/systemd/journal-upload.conf.d/ ] && mkdir /etc/systemd/journal-upload.conf.d/
+if grep -Psq -- '^\h*\[Upload\]' /etc/systemd/journal-upload.conf.d/60-journald_upload.conf; then
+    printf '%s\n' "" "${a_settings[@]}" >> /etc/systemd/journal-upload.conf.d/60-journald_upload.conf
+else
+    printf '%s\n' "" "[Upload]" "${a_settings[@]}" >> /etc/systemd/journal-upload.conf.d/60-journald_upload.conf
+fi

linux_os/guide/system/logging/journald/systemd_journal_upload_url/tests/journald-conf-url.fail.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+# packages = systemd-journal-remote
+# platform = multi_platform_ubuntu
+# variables = var_journal_upload_url=192.168.50.42
+
+a_settings=("URL=192.168.50.41" "ServerKeyFile=/etc/ssl/private/journal-upload.pem" \
+    "ServerCertificateFile=/etc/ssl/certs/journal-upload.pem" "TrustedCertificateFile=/etc/ssl/ca/trusted.pem")
+[ ! -d /etc/systemd/journal-upload.conf.d/ ] && mkdir /etc/systemd/journal-upload.conf.d/
+if grep -Psq -- '^\h*\[Upload\]' /etc/systemd/journal-upload.conf.d/60-journald_upload.conf; then
+    printf '%s\n' "" "${a_settings[@]}" >> /etc/systemd/journal-upload.conf.d/60-journald_upload.conf
+else
+    printf '%s\n' "" "[Upload]" "${a_settings[@]}" >> /etc/systemd/journal-upload.conf.d/60-journald_upload.conf
+fi

linux_os/guide/system/logging/journald/systemd_journal_upload_url/tests/journald-conf-url.pass.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+# packages = systemd-journal-remote
+# variables = var_journal_upload_url=192.168.50.42
+
+a_settings=("URL=192.168.50.42" "ServerKeyFile=/etc/ssl/private/journal-upload.pem" \
+    "ServerCertificateFile=/etc/ssl/certs/journal-upload.pem" "TrustedCertificateFile=/etc/ssl/ca/trusted.pem")
+[ ! -f /etc/systemd/journal-upload.conf ] && mkdir /etc/systemd/journal-upload.conf
+if grep -Psq -- '^\h*\[Upload\]' /etc/systemd/journal-upload.conf; then
+    printf '%s\n' "" "${a_settings[@]}" >> /etc/systemd/journal-upload.conf
+else
+    printf '%s\n' "" "[Upload]" "${a_settings[@]}" >> /etc/systemd/journal-upload.conf
+fi