From 024d22c96072f509934d7bc78ff93cd18003e4d1 Mon Sep 17 00:00:00 2001
From: D4rkCiph3r <102921060+D4rkCiph3r@users.noreply.github.com>
Date: Sat, 18 Feb 2023 11:19:56 +0530
Subject: [PATCH] Added new tests (T562) - macOS New tests added: 1. Disable journal logging 2. Disable journal logging via journald.conf The man pages of the respective utilities can be referred
---
 atomics/T1562/T1562.yaml | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/atomics/T1562/T1562.yaml b/atomics/T1562/T1562.yaml
index 031e6ec1..ef24ef93 100644
--- a/atomics/T1562/T1562.yaml
+++ b/atomics/T1562/T1562.yaml
@@ -19,4 +19,24 @@ atomic_tests:
 cleanup_command: |
 reg delete HKLM\SYSTEM\CurrentControlSet\Control\LSA /v RunAsPPL /f >nul 2>&1
 name: command_prompt
- elevation_required: true
\ No newline at end of file
+ elevation_required: true
+- name: Disable journal logging
+ description: |
+ The atomic test disables the journal logging using built-in systemctl utility
+ supported_platforms:
+ - linux
+ executor:
+ command: |
+ sudo systemctl stop systemd-journald #disables journal logging
+ name: sh
+ elevation_required: true
+- name: Disable journal logging via journald.conf
+ description: |
+ The atomic test diables the journal logging by searching and replacing the "Storage" parameter to "none" within the journald.conf file, thus any new journal entries will only be temporarily available in memory and not written to disk
+ supported_platforms:
+ - linux
+ executor:
+ command: |
+ sudo sed -i 's/Storage=auto/Storage=none/' /etc/systemd/journald.conf
+ name: sh
+ elevation_required: true
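Review bot: Neither new test has a `cleanup_command`, so after the first test journald stays stopped and after the second the `Storage=none` edit stays in /etc/systemd/journald.conf — the existing test just above this hunk restores its own change, and these should too, because a blinded journal hides telemetry from every later test in the run and from the very detections this test exists to validate. The restore steps are sketched below; the second one restarts journald after reverting the edit so the daemon re-reads the file. Separately, the second test's `sed` only rewrites an existing uncommented `Storage=auto` line, and on a distribution that ships that setting commented out (which I believe the upstream default file does) it silently changes nothing, so the description should state that prerequisite rather than assert that new entries will no longer reach disk. Minor: `diables` in the second description should be `disables`, and the patch subject says macOS while both tests (correctly, given systemctl/journald) declare `- linux`.
```yaml
- name: Disable journal logging
  # … unchanged: description, supported_platforms …
  executor:
    # … unchanged: command …
    cleanup_command: |
      sudo systemctl start systemd-journald
    name: sh
    elevation_required: true
- name: Disable journal logging via journald.conf
  # … unchanged: description, supported_platforms …
  executor:
    # … unchanged: command …
    cleanup_command: |
      sudo sed -i 's/Storage=none/Storage=auto/' /etc/systemd/journald.conf
      sudo systemctl restart systemd-journald
    name: sh
    elevation_required: true
```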