From 3a50bd16d19cb4fe033cec0f649db81eda4c07f5 Mon Sep 17 00:00:00 2001 From: Gabriel Becker Date: Fri, 17 Jan 2025 12:38:12 +0100 Subject: [PATCH] Enable correct OVAL criteria for RHEL9/RHEL10 in file_ownership_var_log_audit_stig. The check was only being applied to RHEL8 which was originally designed for. The jinja macro was modified to include all versions of RHEL and OL. This should resolve the problems with the test scenarios. --- .../file_ownership_var_log_audit_stig/oval/shared.xml | 4 ++-- .../tests/correct_value_default_file.pass.sh | 2 ++ .../tests/wrong_value_default_file.fail.sh | 2 ++ 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/oval/shared.xml b/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/oval/shared.xml index 95acf590518..ab8162688bb 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/oval/shared.xml +++ b/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/oval/shared.xml @@ -6,7 +6,7 @@ - {{% if product in ["ol8", "rhel8"] %}} + {{% if "ol" in families or "rhel" in product %}} @@ -28,7 +28,7 @@ state_owner_not_root_var_log_audit - {{% if product in ["ol8", "rhel8"] %}} + {{% if "ol" in families or "rhel" in product %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/correct_value_default_file.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/correct_value_default_file.pass.sh index 3a0d9a4e983..a90711c9853 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/correct_value_default_file.pass.sh +++ b/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/correct_value_default_file.pass.sh 
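Review bot: The new guard `{{% if "ol" in families or "rhel" in product %}}` mixes two different tests, a lookup in `families` for OL and a substring match on the `product` string for RHEL, and it is repeated verbatim in both hunks of shared.xml (around lines 9 and 31). The substring test accepts any product id containing "rhel", which is broader than the old explicit list; the commit message says this is intended, so a short template comment next to the guard should say so. Evaluating the condition once, e.g. `{{% set conf_aware = "ol" in families or "rhel" in product %}}` followed by `{{% if conf_aware %}}` in both places, would keep the two guards from drifting apart. That matters for an audit-log ownership check, because a mismatch between the two guarded parts could change the result without any error. The guarded XML bodies are not visible in these hunks, so whether the RHEL side could use the same `families` lookup needs to be confirmed against the product definitions.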
@@ -1,6 +1,8 @@ # platform = multi_platform_ol,multi_platform_rhel #!/bin/bash +# packages = audit + sed -i "/^\s*log_file.*/d" /etc/audit/auditd.conf useradd testuser_123 touch "/var/log/audit/audit2.log" diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/wrong_value_default_file.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/wrong_value_default_file.fail.sh index 1879113b8a0..246cb203fc1 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/wrong_value_default_file.fail.sh +++ b/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/wrong_value_default_file.fail.sh @@ -1,6 +1,8 @@ # platform = multi_platform_ol,multi_platform_rhel #!/bin/bash +# packages = audit + sed -i "/^\s*log_file.*/d" /etc/audit/auditd.conf useradd testuser_123 touch "/var/log/audit/audit2.log"
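Review bot: The added `# packages = audit` line sits below a `#!/bin/bash` that is already on line 2, after `# platform = ...`, so the shebang is only a comment and the metadata headers end up split around it. While touching the header, put the shebang first and group the metadata: `#!/bin/bash`, then `# platform = multi_platform_ol,multi_platform_rhel`, then `# packages = audit`. The same applies to the identical hunk in wrong_value_default_file.fail.sh. Both scripts continue past the hunk, so the step that presumably distinguishes the pass and fail scenarios is not visible here.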