OpenSCAP / openscap

NIST Certified SCAP 1.2 toolkit

Home Page: https://www.open-scap.org/tools/openscap-base

Which openSCAP CCE matches CIS "xccdf_org.cisecurity.benchmarks_rule_4.2.1.4_Ensure_rsyslog_default_file_permissions_are_configured" ?

hunter86bg opened this issue · comments

Description of Problem:

CIS-CAT v4.27 reports a RHEL9 system is not compliant with rule "xccdf_org.cisecurity.benchmarks_rule_4.2.1.4_Ensure_rsyslog_default_file_permissions_are_configured", yet I can't find the CCE or openSCAP rule ID that matches that one and activate it to remediate.

OpenSCAP Version:

openscap-1.3.6-5.el9_1.x86_64
openscap-scanner-1.3.6-5.el9_1.x86_64
scap-security-guide-0.1.66-1.el9_1.noarch
perl-Pod-Escapes-1.07-460.el9.noarch
openscap-utils-1.3.6-5.el9_1.x86_64

Operating System & Version:

RHEL 9

Steps to Reproduce:

  1. Extract CIS-CAT-Assessor-linux-jre-v4.27.0.zip
  2. Copy the license to Assessor/license
  3. Execute:
     oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_cis_server_l1 --remediate --results "/tmp/result" /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml
  4. Execute:
     ./Assessor-CLI.sh --reports-dir /tmp --profile xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Server -html --benchmark benchmarks/CIS_Red_Hat_Enterprise_Linux_9_Benchmark_v1.0.0-xccdf.xml

Actual Results:

CIS-CAT reports a failure for the "xccdf_org.cisecurity.benchmarks_rule_4.2.1.4_Ensure_rsyslog_default_file_permissions_are_configured" rule.
No '$FileCreateMode' or '$umask' defined in /etc/rsyslog.conf or /etc/rsyslog.d/*.conf

Expected Results:

openSCAP rule to exist for CIS Server L1 benchmark.

This is not the right repo for this kind of feature request. The correct one is: https://github.com/ComplianceAsCode/content
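
An added example, not part of the issue thread and not OpenSCAP or CIS-CAT content: a shell check for the condition the CIS-CAT result above describes, namely whether an uncommented legacy `$FileCreateMode` directive exists in the rsyslog files and how permissive it is. The function name and the 0640 ceiling are assumptions; RainerScript `FileCreateMode=` parameters and `$umask` are not evaluated.

```sh
#!/bin/sh
# Added example: audit rsyslog files for the legacy $FileCreateMode directive.
# Assumption: a value passes when it grants no permission bits beyond 0640.
ALLOWED_MASK=0640

# Usage: check_filecreatemode /etc/rsyslog.conf /etc/rsyslog.d/*.conf
# Prints one line per finding.
# Returns 0 = compliant, 1 = directive not set, 2 = a value is too open or malformed.
check_filecreatemode() {
    found=0
    bad=0
    for file in "$@"; do
        # An unmatched glob or unreadable file is skipped, not treated as an error.
        [ -r "$file" ] || continue
        # Every uncommented occurrence counts: the legacy directive applies to the
        # actions that follow it, so a single loose value is a finding.
        for mode in $(awk 'tolower($1) == "$filecreatemode" { print ($2 == "" ? "-" : $2) }' "$file"); do
            found=1
            case $mode in
                *[!0-7]*) echo "INVALID  $file: $mode"; bad=1; continue ;;
            esac
            # Bits set in the configured mode but not in the allowed mask.
            excess=$(( 0$mode & ~$ALLOWED_MASK & 07777 ))
            if [ "$excess" -ne 0 ]; then
                printf 'TOO OPEN %s: %s (excess bits %04o)\n' "$file" "$mode" "$excess"
                bad=1
            else
                echo "OK       $file: $mode"
            fi
        done
    done
    [ "$found" -eq 1 ] || { echo "NOT SET  \$FileCreateMode not found"; return 1; }
    [ "$bad" -eq 0 ] || return 2
    return 0
}
```

Return code 1 corresponds to the state reported in the issue, where neither file defines the directive.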