Merge pull request ComplianceAsCode#12645 from jan-cerny/ensure_logro…

…tate_activated Update ensure_logrotate_activated for image mode
sig-bsi-grundschutz · Dec 2, 2024 · 4c8b22c · 4c8b22c
2 parents 04acb05 + f548a06
commit 4c8b22c
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 2 deletions.
diff --git a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/bash/shared.sh b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/bash/shared.sh
@@ -4,6 +4,7 @@ LOGROTATE_CONF_FILE="/etc/logrotate.conf"
 {{% if 'sle' in product %}}
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
 {{% else %}}
+{{{ bash_package_install("crontabs") }}}
 CRON_DAILY_LOGROTATE_FILE="/etc/cron.daily/logrotate"
 {{% endif %}}
 

diff --git a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/oval/shared.xml b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/oval/shared.xml
@@ -11,8 +11,8 @@
       test_ref="test_logrotate_conf_no_other_keyword" />
       <criteria comment="Check if either logrotate timer or cron job is enabled" operator="OR">
         <criterion comment="Check if /etc/cron.daily/logrotate file exists (and calls logrotate)" test_ref="test_cron_daily_logrotate_existence" />
-{{% if product in ["rhcos4", "rhel9", "sle12", "sle15","ol9"] %}}
-        <extend_definition comment="Check if logrotate timer is being enabled" definition_ref="timer_logrotate_enabled" />
+{{% if product in ["rhcos4", "rhel9", "rhel10", "sle12", "sle15", "ol9"] %}}
+        <criterion comment="Check if logrotate timer is enabled" test_ref="test_logrotate_enabled_multi_user_target" />
 {{% endif %}}
       </criteria>
     </criteria>
@@ -54,4 +54,22 @@
     <ind:instance datatype="int">1</ind:instance>
   </ind:textfilecontent54_object>
 
+{{% if product in ["rhcos4", "rhel9", "rhel10", "sle12", "sle15", "ol9"] %}}
+  <unix:file_test check="all" check_existence="all_exist"
+   comment="look for logrotate.timer in /etc/systemd/system/multi-user.target.wants"
+   id="test_logrotate_enabled_multi_user_target" version="1">
+    <unix:object object_ref="object_logrotate_enabled_multi_user_target" />
+  </unix:file_test>
+
+  <unix:file_object comment="look for logrotate.timer in /etc/systemd/system/multi-user.target.wants"
+   id="object_logrotate_enabled_multi_user_target" version="1">
+    <unix:filepath>/etc/systemd/system/multi-user.target.wants/logrotate.timer</unix:filepath>
+    <filter action="include">unit_logrotate_state_symlink</filter>
+  </unix:file_object>
+
+  <unix:file_state id="unit_logrotate_state_symlink" version="1">
+    <unix:type operation="equals">symbolic link</unix:type>
+  </unix:file_state>
+{{% endif %}}
+
 </def-group>