From 0f0cdf35ab62755a070d06ec68eea137a2cb9218 Mon Sep 17 00:00:00 2001
From: D4rkCiph3r <102921060+D4rkCiph3r@users.noreply.github.com>
Date: Sat, 18 Mar 2023 09:07:34 +0530
Subject: [PATCH] Update T1562.yaml

Updated the atomic test(#1, #2) name and description.
Added clean-up commands.
---
 atomics/T1562/T1562.yaml | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/atomics/T1562/T1562.yaml b/atomics/T1562/T1562.yaml
index ef24ef93..6faaacfb 100644
--- a/atomics/T1562/T1562.yaml
+++ b/atomics/T1562/T1562.yaml
@@ -20,23 +20,29 @@ atomic_tests:
 reg delete HKLM\SYSTEM\CurrentControlSet\Control\LSA /v RunAsPPL /f >nul 2>&1
 name: command_prompt
 elevation_required: true
-- name: Disable journal logging
+- name: Disable journal logging via systemctl utility
 description: |
 The atomic test disables the journal logging using built-in systemctl utility
 supported_platforms:
 - linux
 executor:
 command: |
- sudo systemctl stop systemd-journald #disables journal logging
+ sudo systemctl stop systemd-journald #disables journal logging
+ cleanup_command: |
+ sudo systemctl start systemd-journald #starts journal service
+ sudo systemctl enable systemd-journald #starts journal service automatically at boot time
 name: sh
 elevation_required: true
-- name: Disable journal logging via journald.conf
+- name: Disable journal logging via sed utility
 description: |
- The atomic test diables the journal logging by searching and replacing the "Storage" parameter to "none" within the journald.conf file, thus any new journal entries will only be temporarily available in memory and not written to disk
+ The atomic test disables the journal logging by searching and replacing the "Storage" parameter to "none" within the journald.conf file, thus any new journal entries will only be temporarily available in memory and not written to disk
 supported_platforms:
 - linux
 executor:
 command: |
- sudo sed -i 's/Storage=auto/Storage=none/' /etc/systemd/journald.conf
+ sudo sed -i 's/Storage=auto/Storage=none/' /etc/systemd/journald.conf
+ cleanup_command: |
+ sudo sed -i 's/Storage=none/Storage=auto/' /etc/systemd/journald.conf #re-enables storage of journal data
+ sudo systemctl restart systemd-journald #restart the journal service
 name: sh
 elevation_required: true
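Review bot: The sed-based test's `command` still matches only an uncommented `Storage=auto` line and never restarts journald, so on a host whose journald.conf carries the stock commented-out `#Storage=auto` (or any other value) the edit is a no-op, and even when it does match the running daemon keeps its old storage mode until the `cleanup_command`'s own restart — the test can report success without ever producing the behaviour a detection is meant to catch. I would match any existing `Storage=` line whether commented or not, keep a backup so cleanup restores the original file instead of assuming it said `auto`, and restart journald in both directions, as below (a host with no `Storage=` line at all would still need the line appended). In the first test, the added `sudo systemctl enable systemd-journald` in cleanup does not undo anything the test did (it only ran `stop`), and on most distributions that unit is static so the call just prints a warning; `start` alone is the correct reversal, and since journald is socket-activated a plain `stop` is likely reverted by the socket on the next log write, which the description should state so analysts do not expect a persistent gap.
```yaml
    command: |
      sudo cp /etc/systemd/journald.conf /etc/systemd/journald.conf.atomic.bak
      sudo sed -i 's/^#*Storage=.*/Storage=none/' /etc/systemd/journald.conf
      sudo systemctl restart systemd-journald
    cleanup_command: |
      sudo mv /etc/systemd/journald.conf.atomic.bak /etc/systemd/journald.conf
      sudo systemctl restart systemd-journald
```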