Skip to content

Support journald drop-in config on Ubuntu#14255

Merged
dodys merged 2 commits intoComplianceAsCode:masterfrom
mpurg:ubuntu_journald_dropin
Dec 19, 2025
Merged

Support journald drop-in config on Ubuntu#14255
dodys merged 2 commits intoComplianceAsCode:masterfrom
mpurg:ubuntu_journald_dropin

Conversation

@mpurg
Copy link
Contributor

@mpurg mpurg commented Dec 18, 2025

Description:

Add support for drop-in configs for journald rules on Ubuntu:

  • journald_compress
  • journald_storage
  • journald_foward_to_syslog
  • journald_disable_forward_to_syslog

Rationale:

@mpurg mpurg requested a review from a team as a code owner December 18, 2025 20:46
@mpurg mpurg added Ubuntu Ubuntu product related. Update Rule Issues or pull requests related to Rules updates. labels Dec 18, 2025
@mpurg mpurg requested a review from dodys December 18, 2025 20:46
@mpurg
Copy link
Contributor Author

mpurg commented Dec 18, 2025

Ubuntu2404 KVM tests:

# (rsyslog disabled)
python3 "tests/automatus.py" rule         --libvirt qemu:///system "sec-noble-amd64"         --datastream "build/ssg-ubuntu2404-ds.xml"         --remove-fips-certified         --remediate-using "bash"         --profile "(all)"         --dontclean         "journald_compress" 
INFO - xccdf_org.ssgproject.content_rule_journald_compress
INFO - Script wrong_dir.fail.sh using profile (all) OK
INFO - Script multiple_vals.fail.sh using profile (all) OK
INFO - Script wrong_dir_spaces.fail.sh using profile (all) OK
INFO - Script correct_master.pass.sh using profile (all) OK
INFO - Script correct_dir_spaces.pass.sh using profile (all) OK
INFO - Script wrong_master.fail.sh using profile (all) OK
INFO - Script correct_dir.pass.sh using profile (all) OK
INFO - Script correct_value_in_quotes.fail.sh using profile (all) OK

python3 "tests/automatus.py" rule         --libvirt qemu:///system "sec-noble-amd64"         --datastream "build/ssg-ubuntu2404-ds.xml"         --remove-fips-certified         --remediate-using "bash"         --profile "(all)"         --dontclean         "journald_disable_forward_to_syslog" 
INFO - xccdf_org.ssgproject.content_rule_journald_disable_forward_to_syslog
INFO - Script multiple_vals.fail.sh using profile (all) OK
INFO - Script correct_master.pass.sh using profile (all) OK
INFO - Script wrong_dir_spaces.fail.sh using profile (all) OK
INFO - Script wrong_master.fail.sh using profile (all) OK
INFO - Script correct_dir.pass.sh using profile (all) OK
INFO - Script correct_dir_spaces.pass.sh using profile (all) OK
INFO - Script wrong_dir.fail.sh using profile (all) OK

python3 "tests/automatus.py" rule         --libvirt qemu:///system "sec-noble-amd64"         --datastream "build/ssg-ubuntu2404-ds.xml"         --remove-fips-certified         --remediate-using "bash"         --profile "(all)"         --dontclean         "journald_storage" 
INFO - xccdf_org.ssgproject.content_rule_journald_storage
INFO - Script correct_master.pass.sh using profile (all) OK
INFO - Script wrong_master.fail.sh using profile (all) OK
INFO - Script wrong_dir_spaces.fail.sh using profile (all) OK
INFO - Script correct_dir.pass.sh using profile (all) OK
INFO - Script wrong_dir.fail.sh using profile (all) OK
INFO - Script multiple_vals.fail.sh using profile (all) OK
INFO - Script correct_dir_spaces.pass.sh using profile (all) OK
INFO - Script correct_value_in_quotes.fail.sh using profile (all) OK

# (rsyslog enabled)
python3 "tests/automatus.py" rule         --libvirt qemu:///system "sec-noble-amd64"         --datastream "build/ssg-ubuntu2404-ds.xml"         --remove-fips-certified         --remediate-using "bash"         --profile "(all)"         --dontclean         "journald_forward_to_syslog" 
INFO - xccdf_org.ssgproject.content_rule_journald_forward_to_syslog
INFO - Script multiple_vals.fail.sh using profile (all) OK
INFO - Script correct_master.pass.sh using profile (all) OK
INFO - Script correct_dir_spaces.pass.sh using profile (all) OK
INFO - Script wrong_dir_spaces.fail.sh using profile (all) OK
INFO - Script correct_dir.pass.sh using profile (all) OK
INFO - Script wrong_master.fail.sh using profile (all) OK
INFO - Script wrong_dir.fail.sh using profile (all) OK

@mpurg mpurg mentioned this pull request Dec 18, 2025
Closed
@github-actions
Copy link

github-actions bot commented Dec 18, 2025

ATEX Test Results

Test artifacts have been submitted to Testing Farm.

Results: View Test Results
Workflow Run: View Workflow Details

This comment was automatically generated by the ATEX workflow.

@openshift-ci
Copy link

openshift-ci bot commented Dec 18, 2025

@mpurg: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-aws-openshift-node-compliance 75841d5 link true /test e2e-aws-openshift-node-compliance

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@dodys dodys added this to the 0.1.80 milestone Dec 19, 2025
dodys
dodys approved these changes Dec 19, 2025
View reviewed changes
Copy link
Contributor

@dodys dodys left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, thanks!

@dodys dodys merged commit 9d14286 into ComplianceAsCode:master Dec 19, 2025
139 of 142 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dodys dodys dodys approved these changes

Assignees

No one assigned

Labels

Ubuntu Ubuntu product related. Update Rule Issues or pull requests related to Rules updates.

Projects

None yet

Milestone

0.1.80

Development

Successfully merging this pull request may close these issues.

ForwardToSyslog via drop-in-file

2 participants

@mpurg @dodys