Back to bug 2115343
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Red Hat Bugzilla | 2022-08-04 13:06:42 UTC | Pool ID | | sst_security_compliance_rhel_8 |
| Red Hat One Jira (issues.redhat.com) | 2022-08-04 13:17:35 UTC | Link ID | | Red Hat Issue Tracker RHELPLAN-130306 |
| Marek Haicman | 2022-08-15 16:29:09 UTC | Doc Type | If docs needed, set a value | No Doc Update |
| Red Hat Bugzilla | 2022-08-15 16:29:09 UTC | Doc Type | No Doc Update | No Doc Update |
| Matěj Týč | 2022-08-29 14:10:57 UTC | CC | | matyc |
| Vojtech Polasek | 2022-08-30 11:59:31 UTC | Keywords | | Triaged |
| Matus Marhefka | 2022-09-01 09:52:39 UTC | Blocks | | 2123284 |
| Shreyas Mahangade | 2023-01-11 20:43:38 UTC | CC | | smahanga |
| Watson Yuuma Sato | 2023-01-26 10:26:39 UTC | Status | NEW | POST |
| Milan Lysonek | 2023-01-26 10:45:57 UTC | QA Contact | qe-baseos-security | mlysonek |
| Watson Yuuma Sato | 2023-01-30 14:08:39 UTC | Doc Type | No Doc Update | Bug Fix |
| Watson Yuuma Sato | 2023-01-30 14:08:39 UTC | Doc Text | | Cause: The implementation of rule 'file_permissions_sshd_private_key' allowed private SSH keys to be readable by 'ssh_keys' group with mode 0644. While DISA STIG RHEL-08-010490 requires private SSH keys to have mode 0600. Consequence: Evaluation with DISA's automated STIG benchmark resulted in fail for configuration RHEL-08-010490. Fix: We have worked with DISA to align the expected permissions for private SSH keys, and now private keys are expected to have mode 0644 or less permissive. Result: Our rule 'file_permissions_sshd_private_key' and configuration RHEL-08-010490 are aligned. |
| RHEL Program Management Team | 2023-02-08 07:05:48 UTC | Blocks | | 2168057 |
| RHEL Program Management Team | 2023-02-08 07:05:58 UTC | Blocks | | 2168058 |
| RHEL Program Management Team | 2023-02-08 07:06:09 UTC | Blocks | | 2168059 |
| RHEL Program Management Team | 2023-02-08 07:06:16 UTC | Keywords | | ZStream |
| Milan Lysonek | 2023-02-13 14:09:13 UTC | Fixed In Version | | scap-security-guide-0.1.66-1.el8 |
| Milan Lysonek | 2023-02-13 14:09:13 UTC | Status | POST | MODIFIED |
| AutoMiloš | 2023-02-14 16:31:19 UTC | Keywords | | AutoVerified |
| errata-xmlrpc | 2023-02-15 15:45:21 UTC | Status | MODIFIED | ON_QA |
| Jiri Jaburek | 2023-02-17 02:07:55 UTC | CC | | jjaburek |
| Jiri Jaburek | 2023-02-17 02:07:55 UTC | QA Contact | mlysonek | jjaburek |
| Jiri Jaburek | 2023-02-18 14:16:37 UTC | Status | ON_QA | VERIFIED |
| Jan Fiala | 2023-03-20 10:40:05 UTC | Docs Contact | | jafiala |
| Jan Fiala | 2023-03-20 10:40:05 UTC | CC | | jafiala |
| Jan Fiala | 2023-03-22 15:45:17 UTC | Doc Text | Cause: The implementation of rule 'file_permissions_sshd_private_key' allowed private SSH keys to be readable by 'ssh_keys' group with mode 0644. While DISA STIG RHEL-08-010490 requires private SSH keys to have mode 0600. Consequence: Evaluation with DISA's automated STIG benchmark resulted in fail for configuration RHEL-08-010490. Fix: We have worked with DISA to align the expected permissions for private SSH keys, and now private keys are expected to have mode 0644 or less permissive. Result: Our rule 'file_permissions_sshd_private_key' and configuration RHEL-08-010490 are aligned. | .SCAP Security Guide rule `file_permissions_sshd_private_key` is aligned with configuration RHEL-08-010490 Previously, the implementation of rule `file_permissions_sshd_private_key` allowed private SSH keys to be readable by the `ssh_keys` group with mode `0644`, while DISA STIG version RHEL-08-010490 required private SSH keys to have mode `0600`. As a consequence, evaluation with DISA’s automated STIG benchmark failed for configuration RHEL-08-010490. For this update, we worked with DISA to align the expected permissions for private SSH keys, and now private keys are expected to have mode `0644` or less permissive. As a result, the rule `file_permissions_sshd_private_key` and configuration RHEL-08-010490 are aligned. |
| Jan Fiala | 2023-03-22 15:45:17 UTC | CC | | vpolasek |
| Jan Fiala | 2023-03-22 15:45:17 UTC | Flags | | needinfo?(vpolasek) |
| Vojtech Polasek | 2023-03-22 16:44:19 UTC | Flags | needinfo?(vpolasek) | |
| Jan Fiala | 2023-03-23 07:55:08 UTC | Doc Text | .SCAP Security Guide rule `file_permissions_sshd_private_key` is aligned with configuration RHEL-08-010490 Previously, the implementation of rule `file_permissions_sshd_private_key` allowed private SSH keys to be readable by the `ssh_keys` group with mode `0644`, while DISA STIG version RHEL-08-010490 required private SSH keys to have mode `0600`. As a consequence, evaluation with DISA’s automated STIG benchmark failed for configuration RHEL-08-010490. For this update, we worked with DISA to align the expected permissions for private SSH keys, and now private keys are expected to have mode `0644` or less permissive. As a result, the rule `file_permissions_sshd_private_key` and configuration RHEL-08-010490 are aligned. | .SCAP Security Guide rule `file_permissions_sshd_private_key` is aligned with STIG configuration RHEL-08-010490 Previously, the implementation of rule `file_permissions_sshd_private_key` allowed private SSH keys to be readable by the `ssh_keys` group with mode `0644`, while DISA STIG version RHEL-08-010490 required private SSH keys to have mode `0600`. As a consequence, evaluation with DISA’s automated STIG benchmark failed for configuration RHEL-08-010490. For this update, we worked with DISA to align the expected permissions for private SSH keys, and now private keys are expected to have mode `0644` or less permissive. As a result, the rule `file_permissions_sshd_private_key` and configuration RHEL-08-010490 are aligned. |
| Jan Fiala | 2023-03-23 11:19:32 UTC | Doc Text | .SCAP Security Guide rule `file_permissions_sshd_private_key` is aligned with STIG configuration RHEL-08-010490 Previously, the implementation of rule `file_permissions_sshd_private_key` allowed private SSH keys to be readable by the `ssh_keys` group with mode `0644`, while DISA STIG version RHEL-08-010490 required private SSH keys to have mode `0600`. As a consequence, evaluation with DISA’s automated STIG benchmark failed for configuration RHEL-08-010490. For this update, we worked with DISA to align the expected permissions for private SSH keys, and now private keys are expected to have mode `0644` or less permissive. As a result, the rule `file_permissions_sshd_private_key` and configuration RHEL-08-010490 are aligned. | .SCAP Security Guide rule `file_permissions_sshd_private_key` is aligned with STIG configuration RHEL-08-010490 Previously, the implementation of rule `file_permissions_sshd_private_key` allowed private SSH keys to be readable by the `ssh_keys` group with mode `0644`, while DISA STIG version RHEL-08-010490 required private SSH keys to have mode `0600`. As a consequence, evaluation with DISA’s automated STIG benchmark failed for configuration RHEL-08-010490. For this update, we worked with DISA to align the expected permissions for private SSH keys, and now private keys are expected to have mode `0644` or less permissive. As a result, the rule `file_permissions_sshd_private_key` and configuration RHEL-08-010490 are now aligned. |
| errata-xmlrpc | 2023-05-09 00:13:13 UTC | Status | VERIFIED | RELEASE_PENDING |
| errata-xmlrpc | 2023-05-16 08:39:27 UTC | Status | RELEASE_PENDING | CLOSED |
| errata-xmlrpc | 2023-05-16 08:39:27 UTC | Resolution | --- | ERRATA |
| errata-xmlrpc | 2023-05-16 08:39:27 UTC | Last Closed | | 2023-05-16 08:39:27 UTC |
| errata-xmlrpc | 2023-05-16 08:40:28 UTC | Link ID | | Red Hat Product Errata RHBA-2023:2869 |