# platform = multi_platform_all
# reboot = false
# strategy = configure
# complexity = low
# disruption = low
# Remediation is applicable only in certain platforms
if dpkg-query --show --showformat='${db:Status-Status}' 'linux-base' 2>/dev/null | grep -q '^installed$'; then

sed -i '/^\s*$FileCreateMode/d' /etc/rsyslog.d/*

if ! grep -qE '^\s*\$FileCreateMode\s+0640' /etc/rsyslog.conf; then
    if grep -qE '^\s*\$FileCreateMode' /etc/rsyslog.conf; then
        sed -i '/^\s*\$FileCreateMode/ s/^/#/' /etc/rsyslog.conf
    fi
    ## Assume there is no filter named as 00-, otherwise those filters might be included before this configuration and create file with different permissions
    echo '$FileCreateMode 0640' > /etc/rsyslog.d/00-rsyslog_filecreatemode.conf
fi

systemctl restart rsyslog.service

else
    >&2 echo 'Remediation is not applicable, nothing was done'
fi