From 842b295ecfce764d68976ba29796ce9830fd61a0 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Mon, 4 Apr 2022 15:15:40 +0100
Subject: [PATCH] firewall pkg control - prefer log capture
Signed-off-by: Mark Bolwell
---
 defaults/main.yml | 12 ++++++++++++
 tasks/section_4/cis_4.2.1.x.yml | 3 ++-
 tasks/section_4/cis_4.2.2.x.yml | 1 +
 3 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index cbac9b4..79746ba 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -476,17 +476,24 @@ rhel9cis_tftp_client: false
 ## Section3 vars
 ### Firewall Service - either firewalld, iptables, or nftables
+#### Some control allow for services to be removed or masked
+#### The options are under each heading
+#### absent = remove the package
+#### masked = leave package if installed and mask the service
 rhel9cis_firewall: firewalld
 ##### firewalld
 rhel9cis_default_zone: public
+rhel9cis_firewalld_nftables_state: absent
 #### nftables
+rhel9cis_nftables_firewalld_state: absent
 rhel9cis_nft_tables_autonewtable: true
 rhel9cis_nft_tables_tablename: filter
 rhel9cis_nft_tables_autochaincreate: true
 #### iptables
+rhel9cis_iptables_firewalld_state: absent
 # Warning Banner Content (issue, issue.net, motd)
 rhel9cis_warning_banner: |
@@ -508,6 +515,11 @@ rhel9cis_audit_back_log_limit: 8192
 # The max_log_file parameter should be based on your sites policy
 rhel9cis_max_log_file_size: 10
+## Preferred method of logging
+## Whether rsyslog or journald preferred method for local logging
+## Affects rsyslog cis 4.2.1.3 and journald cis 4.2.2.5
+rhel9cis_preferred_log_capture: rsyslog
+
 #### 4.2.1.6 remote and destation log server name
 rhel9cis_remote_log_server: logagg.example.com
diff --git a/tasks/section_4/cis_4.2.1.x.yml b/tasks/section_4/cis_4.2.1.x.yml
index 0d9d0ee..27ec295 100644
--- a/tasks/section_4/cis_4.2.1.x.yml
+++ b/tasks/section_4/cis_4.2.1.x.yml
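Review bot: The three new firewall state variables in the first hunk are not symmetric: the `##### firewalld` heading gets only an nftables state, the `#### nftables` heading only a firewalld state, and the `#### iptables` heading only a firewalld state, so if the iptables path is also meant to remove or mask the competing nftables package (as the other two headings do for their competitor) a `rhel9cis_iptables_nftables_state` appears to be missing; this cannot be confirmed from the patch because the section 3 tasks that consume these variables are not included. The accepted values are documented once in the header comment, far from each variable; an inline note such as `rhel9cis_firewalld_nftables_state: absent  # absent | masked` would keep the contract next to each value. Minor wording: `#### Some control allow for services` reads better as `#### Some controls allow for services`.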
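Review bot: The comment above `rhel9cis_preferred_log_capture` in the second hunk explains which controls the variable affects but not which values are accepted; the task files in this patch compare it against the exact strings `"rsyslog"` and `"journald"`, so any other spelling (for example a capitalised `Rsyslog`) makes both 4.2.1.3 and 4.2.2.5 skip without any control reporting a problem. Suggest extending the comment with `## Valid values: rsyslog or journald (anything else skips both 4.2.1.3 and 4.2.2.5)` so the constraint is visible where the default is set.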
@@ -29,7 +29,7 @@
 - rsyslog
 - rule_4.2.1.2
-# This is counter to control 4.2.1.5??
+# This is counter to control 4.2.2.5??
 - name: "4.2.1.3 | PATCH | Ensure journald is configured to send logs to rsyslog"
 lineinfile:
 dest: /etc/systemd/journald.conf
@@ -38,6 +38,7 @@
 state: present
 when:
 - rhel9cis_rule_4_2_1_3
+ - rhel9cis_preferred_log_capture == "rsyslog"
 tags:
 - level1-server
 - level1-workstation
diff --git a/tasks/section_4/cis_4.2.2.x.yml b/tasks/section_4/cis_4.2.2.x.yml
index e83d97c..5b59d63 100644
--- a/tasks/section_4/cis_4.2.2.x.yml
+++ b/tasks/section_4/cis_4.2.2.x.yml
@@ -137,6 +137,7 @@
 notify: restart systemd_journal_upload
 when:
 - rhel9cis_rule_4_2_2_5
+ - rhel9cis_preferred_log_capture == "journald"
 tags:
 - level1-server
 - level2-workstation
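Review bot: The corrected comment `# This is counter to control 4.2.2.5??` still reads as an open question, although the following hunk resolves the conflict by gating the task on `rhel9cis_preferred_log_capture`; suggest replacing it with a statement of the design, e.g. `# 4.2.1.3 and 4.2.2.5 are mutually exclusive; rhel9cis_preferred_log_capture selects which one runs`. The `4.2.1.3` task this comment introduces continues past the end of the hunk.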
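Review bot: The added `when` condition in the `@@ -38` hunk only matches the exact string `"rsyslog"`, and its mirror in the cis_4.2.2.x.yml hunk only matches `"journald"`, so a typo or any other value makes both tasks skip silently even though `rhel9cis_rule_4_2_1_3` and `rhel9cis_rule_4_2_2_5` are still enabled, leaving the host with neither log-forwarding control applied and nothing in the play output pointing at the cause. A single fail-fast check before these sections would make the misconfiguration visible, e.g. an `ansible.builtin.assert` task with `that: rhel9cis_preferred_log_capture in ['rsyslog', 'journald']` and a `fail_msg` naming the variable. The `when` list belongs to the `4.2.1.3` task whose definition begins above this hunk.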