ComplianceAsCode · Arden97 · Oct 29, 2025 · Oct 31, 2025 · Oct 31, 2025 · Oct 31, 2025
diff --git a/...tem/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/ansible/shared.yml b/...tem/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/ansible/shared.yml
@@ -6,9 +6,9 @@
 
 -   name: "{{{ rule_title }}} - Search if cron configuration exists"
     {{% if 'ol' in families %}}
-    ansible.builtin.command: grep -Pzo '(?m)^\s*(cron|\*)\.\*\s*(/var/log/(cron|messages)|action\(\s*.*(?i:\btype\b)="omfile"\s*.*(?i:\bfile\b)="/var/log/(cron|messages)"\s*\))\s*$' /etc/rsyslog.conf /etc/rsyslog.d/*.conf
+    ansible.builtin.command: grep -Pzo '(?ms)^\s*(cron|\*)\.\*\s*(/var/log/(cron|messages)|action\(\s*.*(?i:\btype\b)="omfile"\s*.*(?i:\bfile\b)="/var/log/(cron|messages)"\s*\))\s*$' /etc/rsyslog.conf /etc/rsyslog.d/*.conf
     {{% else %}}
-    ansible.builtin.command: grep -Pzo '(?m)^\s*cron\.\*\s*(/var/log/cron|action\(\s*.*(?i:\btype\b)="omfile"\s*.*(?i:\bfile\b)="/var/log/cron"\s*\))\s*$' /etc/rsyslog.conf /etc/rsyslog.d/*.conf
+    ansible.builtin.command: grep -Pzo '(?ms)^\s*cron\.\*\s*(/var/log/cron|action\(\s*.*(?i:\btype\b)="omfile"\s*.*(?i:\bfile\b)="/var/log/cron"\s*\))\s*$' /etc/rsyslog.conf /etc/rsyslog.d/*.conf
     {{% endif %}}
     register: cron_log_config_exists
     failed_when: false

diff --git a/.../system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh b/.../system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh
@@ -1,13 +1,8 @@
 # platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
 
-{{% if 'ol' in families %}}
-if ! grep -Pzo '(?m)^\s*(cron|\*)\.\*\s*(/var/log/(cron|messages)|action\(\s*.*(?i:\btype\b)="omfile"\s*.*(?i:\bfile\b)="/var/log/(cron|messages)"\s*\))\s*$' /etc/rsyslog.conf /etc/rsyslog.d/*.conf; then
-{{% else %}}
-if ! grep -Pzo '(?m)^\s*cron\.\*\s*(/var/log/cron|action\(\s*.*(?i:\btype\b)="omfile"\s*.*(?i:\bfile\b)="/var/log/cron"\s*\))\s*$' /etc/rsyslog.conf /etc/rsyslog.d/*.conf; then
-{{% endif %}}
-	mkdir -p /etc/rsyslog.d
-	echo "cron.*	/var/log/cron" >> /etc/rsyslog.d/cron.conf
-fi
+{{{ setup_rsyslog_cron_logging() }}}
+
+echo "cron.*	/var/log/cron" >> $RSYSLOG_D_CONF
 
 if {{{ bash_not_bootc_build() }}} ; then
     systemctl restart rsyslog.service

diff --git a/...system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/oval/shared.xml b/...system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/oval/shared.xml
@@ -22,7 +22,8 @@
 
 {{% set legacy_regex = "^[\\s]*cron\\.\\*[\\s]+/var/log/cron\\s*(?:#.*)?$" %}}
 {{# RainerScript keys are case-insensitive #}}
-{{% set rainer_script_regex = "(?m)^\\s*cron\\.\\*\\s+action\\(\\s*.*(?i)\\btype\\b(?-i)=\"omfile\"\\s*.*(?i)\\bfile\\b(?-i)=\"/var/log/cron\"\\s*.*\\)\\s*$" %}}
+{{% set rainer_cron_regex = "(?ms)^\\s*cron\\.\\*\\s+action\\(\\s*.*(?i)\\btype\\b(?-i)=\"omfile\"\\s*.*(?i)\\bfile\\b(?-i)=\"/var/log/cron\"\\s*.*\\)\\s*$" %}}
+{{% set rainer_logging_regex = "(?ms)^[\\s]*\*\.\*[\s]+(/var/log/messages|action\(\s*.*(?i:\btype\b)=\"omfile\"\s*.*(?i:\bfile\b)=\"/var/log/messages\"\s*\))\s*(?:#.*)?$" %}}
 
   <ind:textfilecontent54_test check="all" check_existence="all_exist"
   comment="cron is configured in /etc/rsyslog.conf"
@@ -42,7 +43,7 @@
   </ind:textfilecontent54_test>
   <ind:textfilecontent54_object id="obj_cron_logging_rsyslog_rainer" version="1">
     <ind:filepath>/etc/rsyslog.conf</ind:filepath>
-    <ind:pattern operation="pattern match">{{{ rainer_script_regex }}}</ind:pattern>
+    <ind:pattern operation="pattern match">{{{ rainer_cron_regex }}}</ind:pattern>
     <ind:instance datatype="int">1</ind:instance>
   </ind:textfilecontent54_object>
 
@@ -66,7 +67,7 @@
   <ind:textfilecontent54_object id="obj_cron_logging_rsyslog_dir_rainer" version="1">
     <ind:path>/etc/rsyslog.d</ind:path>
     <ind:filename operation="pattern match">^.*$</ind:filename>
-    <ind:pattern operation="pattern match">{{{ rainer_script_regex }}}</ind:pattern>
+    <ind:pattern operation="pattern match">{{{ rainer_cron_regex }}}</ind:pattern>
     <ind:instance datatype="int">1</ind:instance>
   </ind:textfilecontent54_object>
 
@@ -78,7 +79,7 @@
   </ind:textfilecontent54_test>
   <ind:textfilecontent54_object id="obj_cron_logging_rsyslog_logging_all_facilities" version="1">
     <ind:filepath>/etc/rsyslog.conf</ind:filepath>
-    <ind:pattern operation="pattern match">(?m)^[\s]*\*\.\*[\s]+(/var/log/messages|action\(\s*.*(?i:\btype\b)="omfile"\s*.*(?i:\bfile\b)="/var/log/messages"\s*\))\s*(?:#.*)?$</ind:pattern>
+    <ind:pattern operation="pattern match">{{{ rainer_logging_regex }}}</ind:pattern>
     <ind:instance datatype="int">1</ind:instance>
   </ind:textfilecontent54_object>
 
@@ -90,7 +91,7 @@
   <ind:textfilecontent54_object id="obj_cron_logging_rsyslog_dir_logging_all_facilities" version="1">
     <ind:path>/etc/rsyslog.d</ind:path>
     <ind:filename operation="pattern match">^.*$</ind:filename>
-    <ind:pattern operation="pattern match">(?m)^[\s]*\*\.\*[\s]+(/var/log/messages|action\(\s*.*(?i:\btype\b)="omfile"\s*.*(?i:\bfile\b)="/var/log/messages"\s*\))\s*(?:#.*)?$</ind:pattern>
+    <ind:pattern operation="pattern match">{{{ rainer_logging_regex }}}</ind:pattern>
     <ind:instance datatype="int">1</ind:instance>
   </ind:textfilecontent54_object>
   {{% endif %}}

@@ -1,15 +1,9 @@
 #!/bin/bash
 # packages = rsyslog
 # platform = multi_platform_ol
+{{{ setup_rsyslog_cron_logging() }}}
 
-. set_cron_logging.sh
-
-RSYSLOG_CONF='/etc/rsyslog.conf'
-RSYSLOG_D_FOLDER='/etc/rsyslog.d'
-RSYSLOG_D_FILES=("${RSYSLOG_D_FOLDER}"/*)
-
-mkdir -p "${RSYSLOG_D_FOLDER}"
-rm -rf "${RSYSLOG_D_FILES[@]}"
+rm -rf "$RSYSLOG_D_FOLDER/*.conf"
 truncate -s 0 "${RSYSLOG_CONF}"
 
 echo '*.*    /var/log/messages' >> "${RSYSLOG_CONF}"
@@ -1,14 +1,9 @@
 #!/bin/bash
 # packages = rsyslog
 # platform = multi_platform_ol
-. set_cron_logging.sh
+{{{ setup_rsyslog_cron_logging() }}}
 
-RSYSLOG_CONF='/etc/rsyslog.conf'
-RSYSLOG_D_FOLDER='/etc/rsyslog.d'
-RSYSLOG_D_FILE=$RSYSLOG_D_FOLDER'/test.conf'
-
-mkdir -p $RSYSLOG_D_FOLDER
-rm "$RSYSLOG_D_FOLDER/*"
+rm "$RSYSLOG_D_FOLDER/*.conf"
 truncate -s 0 $RSYSLOG_CONF
 
-echo '*.*    /var/log/messages' >> $RSYSLOG_D_FILE
+echo '*.*    /var/log/messages' >> $RSYSLOG_D_CONF
@@ -1,14 +1,5 @@
 #!/bin/bash
 # packages = rsyslog
-
-RSYSLOG_CONF='/etc/rsyslog.conf'
-RSYSLOG_D_FILES='/etc/rsyslog.d/*'
-
-# Ensure that rsyslog.conf exists and rsyslog.d folder doesn't contain any file with cron.*
-touch $RSYSLOG_CONF
-for rsyslog_d_file in $RSYSLOG_D_FILES
-do
-	sed -i '/^[[:space:]]*cron\.\*/d' $rsyslog_d_file
-done
+{{{ setup_rsyslog_cron_logging() }}}
 
 echo 'cron.* action(Name="local-cron" Type="omfile" FileCreateMode="0600" FileOwner="root" FileGroup="root" File="/var/log/cron")' >> "$RSYSLOG_CONF"
@@ -1,14 +1,5 @@
 #!/bin/bash
 # packages = rsyslog
-
-RSYSLOG_CONF='/etc/rsyslog.conf'
-RSYSLOG_D_FILES='/etc/rsyslog.d/*'
-
-# Ensure that rsyslog.conf exists and rsyslog.d folder doesn't contain any file with cron.*
-touch $RSYSLOG_CONF
-for rsyslog_d_file in $RSYSLOG_D_FILES
-do
-	sed -i '/^[[:space:]]*cron\.\*/d' $rsyslog_d_file
-done
+{{{ setup_rsyslog_cron_logging() }}}
 
 echo 'cron.* action(name="local-cron" type="omfile" fileCreateMode="0600" fileOwner="root" fileGroup="root" file="/var/log/cron")' >> "$RSYSLOG_CONF"
@@ -1,15 +1,6 @@
 #!/bin/bash
 # packages = rsyslog
-
-RSYSLOG_CONF='/etc/rsyslog.conf'
-RSYSLOG_D_FILES='/etc/rsyslog.d/*'
-
-# Ensure that rsyslog.conf exists and rsyslog.d folder doesn't contain any file with cron.*
-touch $RSYSLOG_CONF
-for rsyslog_d_file in $RSYSLOG_D_FILES
-do
-	sed -i '/^[[:space:]]*cron\.\*/d' $rsyslog_d_file
-done
+{{{ setup_rsyslog_cron_logging() }}}
 
 cat << EOF >> "$RSYSLOG_CONF"
 cron.* action(

@@ -1,14 +1,5 @@
 #!/bin/bash
 # packages = rsyslog
+{{{ setup_rsyslog_cron_logging() }}}
 
-RSYSLOG_CONF='/etc/rsyslog.conf'
-RSYSLOG_D_FOLDER='/etc/rsyslog.d'
-RSYSLOG_D_FILE=$RSYSLOG_D_FOLDER'/test.conf'
-
-# Ensure that rsyslog.d folder exists and contains our 'test.conf' file
-mkdir -p $RSYSLOG_D_FOLDER
-touch $RSYSLOG_D_FILE
-
-sed -i '/^[[:space:]]*cron\.\*/d' $RSYSLOG_CONF
-
-echo 'cron.* action(name="local-cron" type="omfile" FileCreateMode="0600" fileOwner="root" fileGroup="root" File="/var/log/cron")' >> "$RSYSLOG_D_FILE"
+echo 'cron.* action(name="local-cron" type="omfile" FileCreateMode="0600" fileOwner="root" fileGroup="root" File="/var/log/cron")' >> "$RSYSLOG_D_CONF"
@@ -0,0 +1,14 @@
+#!/bin/bash
+# packages = rsyslog
+{{{ setup_rsyslog_cron_logging() }}}
+
+cat << EOF >> "$RSYSLOG_D_CONF"
+cron.* action(
+    name="local-cron"
+    type="omfile"
+    fileCreateMode="0600"
+    fileOwner="root"
+    fileGroup="root"
+    file="/var/log/cron"
+)
+EOF
@@ -1,15 +1,5 @@
 #!/bin/bash
 # packages = rsyslog
-. set_cron_logging.sh
+{{{ setup_rsyslog_cron_logging() }}}
 
-RSYSLOG_CONF='/etc/rsyslog.conf'
-RSYSLOG_D_FILES='/etc/rsyslog.d/*'
-
-# Ensure that rsyslog.conf exists and rsyslog.d folder doesn't contain any file with cron.*
-touch $RSYSLOG_CONF
-for rsyslog_d_file in $RSYSLOG_D_FILES
-do
-	sed -i '/^[[:space:]]*cron\.\*/d' $rsyslog_d_file
-done
-
-set_cron_logging $RSYSLOG_CONF
+echo 'cron.*    /var/log/cron' >> $RSYSLOG_CONF
@@ -1,15 +1,5 @@
 #!/bin/bash
 # packages = rsyslog
-. set_cron_logging.sh
+{{{ setup_rsyslog_cron_logging() }}}
 
-RSYSLOG_CONF='/etc/rsyslog.conf'
-RSYSLOG_D_FOLDER='/etc/rsyslog.d'
-RSYSLOG_D_FILE=$RSYSLOG_D_FOLDER'/test.conf'
-
-# Ensure that rsyslog.d folder exists and contains our 'test.conf' file
-mkdir -p $RSYSLOG_D_FOLDER
-touch $RSYSLOG_D_FILE
-
-sed -i '/^[[:space:]]*cron\.\*/d' $RSYSLOG_CONF
-
-set_cron_logging $RSYSLOG_D_FILE
+echo 'cron.*    /var/log/cron' >> $RSYSLOG_D_CONF
@@ -1,15 +1,3 @@
 #!/bin/bash
 # packages = rsyslog
-
-RSYSLOG_CONF='/etc/rsyslog.conf'
-RSYSLOG_D_FILES='/etc/rsyslog.d/*'
-
-# At least ensure that rsyslog.conf exist
-touch $RSYSLOG_CONF
-
-sed -i '/^[[:space:]]*cron\.\*/d' $RSYSLOG_CONF
-for rsyslog_d_file in $RSYSLOG_D_FILES
-do
-	[ -e "$rsyslog_d_file" ] || continue
-	sed -i '/^[[:space:]]*cron\.\*/d' $rsyslog_d_file
-done
+{{{ setup_rsyslog_cron_logging() }}}
@@ -1,6 +1,5 @@
 #!/bin/bash
 # packages = rsyslog
+{{{ setup_rsyslog_cron_logging() }}}
 
 rm -rf /etc/rsyslog.d
-touch /etc/rsyslog.conf
-sed -i '/^[[:space:]]*cron\.\*/d' /etc/rsyslog.conf
@@ -1,17 +1,6 @@
 #!/bin/bash
 # packages = rsyslog
+{{{ setup_rsyslog_cron_logging() }}}
 
-RSYSLOG_CONF='/etc/rsyslog.conf'
-RSYSLOG_D_FILES='/etc/rsyslog.d/*'
-
-# Ensure that rsyslog.conf exists and rsyslog.d folder doesn't contain any file with cron.*
-touch $RSYSLOG_CONF
-for rsyslog_d_file in $RSYSLOG_D_FILES
-do
-	sed -i '/^[[:space:]]*cron\.\*/d' $rsyslog_d_file
-done
-
-# If there's cron.* line, then remove it
-sed -i '/^[[:space:]]*cron\.\*/d' $RSYSLOG_CONF
 # Add cron.* that logs into wrong file
 echo 'cron.* action(name="local-cron" type="omfile" fileCreateMode="0600" fileOwner="root" fileGroup="root" file="/tmp/log/cron")' >> "$RSYSLOG_CONF"
@@ -1,18 +1,7 @@
 #!/bin/bash
 # packages = rsyslog
+{{{ setup_rsyslog_cron_logging() }}}
 
-RSYSLOG_CONF='/etc/rsyslog.conf'
-RSYSLOG_D_FILES='/etc/rsyslog.d/*'
-
-# Ensure that rsyslog.conf exists and rsyslog.d folder doesn't contain any file with cron.*
-touch $RSYSLOG_CONF
-for rsyslog_d_file in $RSYSLOG_D_FILES
-do
-	sed -i '/^[[:space:]]*cron\.\*/d' $rsyslog_d_file
-done
-
-# If there's cron.* line, then remove it
-sed -i '/^[[:space:]]*cron\.\*/d' $RSYSLOG_CONF
 # Add cron.* that logs into wrong file
 cat << EOF >> "$RSYSLOG_CONF"
 cron.* action(

@@ -1,18 +1,6 @@
 #!/bin/bash
 # packages = rsyslog
-. set_cron_logging.sh
+{{{ setup_rsyslog_cron_logging() }}}
 
-RSYSLOG_CONF='/etc/rsyslog.conf'
-RSYSLOG_D_FILES='/etc/rsyslog.d/*'
-
-# Ensure that rsyslog.conf exists and rsyslog.d folder doesn't contain any file with cron.*
-touch $RSYSLOG_CONF
-for rsyslog_d_file in $RSYSLOG_D_FILES
-do
-	sed -i '/^[[:space:]]*cron\.\*/d' $rsyslog_d_file
-done
-
-# If there's cron.* line, then remove it
-sed -i '/^[[:space:]]*cron\.\*/d' $RSYSLOG_CONF
 # Add cron.* that logs into wrong file
 echo "cron.*        /tmp/log/cron" >> $RSYSLOG_CONF
diff --git a/..._file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/bash/shared.sh b/..._file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/bash/shared.sh
@@ -3,9 +3,8 @@
 # strategy = configure
 # complexity = low
 # disruption = low
+{{{ setup_rsyslog_encrypt_offload_actionsendstreamdriverauthmode() }}}
 
-sed -i '/^.*\$ActionSendStreamDriverAuthMode.*/d' /etc/rsyslog.conf /etc/rsyslog.d/*.conf 2> /dev/null
-
-{{{ set_config_file(path="/etc/rsyslog.d/stream_driver_auth.conf",
+{{{ set_config_file(path="$RSYSLOG_D_CONF",
              parameter="\$ActionSendStreamDriverAuthMode", value="x509/name", create=true, separator=" ", separator_regex=" ", rule_id=rule_id)
 }}}
diff --git a/...file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/oval/shared.xml b/...file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/oval/shared.xml
@@ -16,7 +16,7 @@
     </definition>
 
 {{% set legacy_regex = "^\\$ActionSendStreamDriverAuthMode x509/name$" %}}
-{{% set rainer_script_regex = "^\\s*action\\(.*(?i)\\btype\\b(?-i)=\"omfwd\".*(?i)\\bStreamDriverAuthMode\\b(?-i)=\"x509/name\".*\\)\\s*$" %}}
+{{% set rainer_script_regex = "(?ms)^\\s*action\\(.*(?i)\\btype\\b(?-i)=\"omfwd\".*(?i)\\bStreamDriverAuthMode\\b(?-i)=\"x509/name\".*\\)\\s*$" %}}
 
     <ind:textfilecontent54_test check="all" check_existence="all_exist"
                                 comment="Check if $ActionSendStreamDriverAuthMode x509/name is set in /etc/rsyslog.conf"

@@ -1,8 +1,8 @@
 #!/bin/bash
 # packages = rsyslog
-bash -x setup.sh
+{{{ setup_rsyslog_encrypt_offload_actionsendstreamdriverauthmode() }}}
 
-if [[ -f encrypt.conf ]]; then
-  sed -i "/^\$ActionSendStreamDriverMod.*/d" /etc/rsyslog.conf
+if [[ -f $RSYSLOG_D_CONF ]]; then
+  sed -i "/^\$ActionSendStreamDriverAuthMode.*/d" $RSYSLOG_D_CONF
 fi
-  sed -i "/^\$ActionSendStreamDriverMod.*/d" /etc/rsyslog.conf
+  sed -i "/^\$ActionSendStreamDriverAuthMode.*/d" $RSYSLOG_CONF
@@ -1,5 +1,5 @@
 #!/bin/bash
 # packages = rsyslog
-bash -x setup.sh
+{{{ setup_rsyslog_encrypt_offload_actionsendstreamdriverauthmode() }}}
 
-echo "\$ActionSendStreamDriverAuthMode x509/name" >> /etc/rsyslog.conf
+echo "\$ActionSendStreamDriverAuthMode x509/name" >> $RSYSLOG_CONF
@@ -1,15 +1,5 @@
 #!/bin/bash
 # packages = rsyslog
-bash -x setup.sh
-
-RSYSLOG_CONF='/etc/rsyslog.conf'
-RSYSLOG_D_FILES='/etc/rsyslog.d/*'
-
-# Ensure that rsyslog.conf exists and rsyslog.d folder doesn't contain any file with action
-touch $RSYSLOG_CONF
-for rsyslog_d_file in $RSYSLOG_D_FILES
-do
-	sed -i '/^[[:space:]]*action\.\*/d' $rsyslog_d_file
-done
+{{{ setup_rsyslog_encrypt_offload_actionsendstreamdriverauthmode() }}}
 
 echo 'action(type="omfwd" Target="some.example.com" StreamDriverAuthMode="x509/name")' >> "$RSYSLOG_CONF"
@@ -0,0 +1,11 @@
+#!/bin/bash
+# packages = rsyslog
+{{{ setup_rsyslog_encrypt_offload_actionsendstreamdriverauthmode() }}}
+
+cat << EOF >> "$RSYSLOG_CONF"
+action(
+    type="omfwd"
+    Target="some.example.com"
+    StreamDriverAuthMode="x509/name"
+)
+EOF