Back to bug 2228462
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Red Hat Bugzilla | 2023-08-02 12:21:12 UTC | Pool ID | sst_security_compliance_rhel_9 | |
| Milan Lysonek | 2023-08-02 14:22:32 UTC | Doc Text | .Rules checking home directories apply only to local users Multiple compliance profiles provided by the `scap-security-guide` package contain rules checking the correct configuration of user home directories. Specifically, we are talking about these rules: - accounts_user_interactive_home_directory_exists - accounts_users_home_files_groupownership - accounts_user_dot_group_ownership - accounts_users_home_files_permissions - accounts_umask_interactive_users - accounts_user_dot_user_ownership - file_permissions_home_directories - file_groupownership_home_directories - file_ownership_home_directories - accounts_users_home_files_ownership Previously, these rules checked not only configuration of local users but they also evaluated configuration of remote users provided by network sources such as NSS. This behavior was caused by using the `getpwent()` system call in the OpenSCAP scanner. This behavior wasn't desired, behavior the remediation scripts weren't able to change the configuration of the remote users. Therefore, the internal implementation of the aforementioned rules has been changed to depend only on data present in the "/etc/passwd" file. That means no other sources of user metadata are read by the rules. As a result, the rules now consider only local users configuration. | |
| Doc Type | If docs needed, set a value | Bug Fix | ||
| Red Hat One Jira (issues.redhat.com) | 2023-08-02 14:23:14 UTC | Link ID | Red Hat Issue Tracker RHELPLAN-164212 | |
| Vojtech Polasek | 2023-08-04 07:58:38 UTC | Status | NEW | POST |
| Matěj Týč | 2023-08-11 12:29:08 UTC | Status | POST | MODIFIED |
| CC | matyc | |||
| errata-xmlrpc | 2023-08-16 17:01:11 UTC | Fixed In Version | scap-security-guide-0.1.69-1.el9_2 | |
| Status | MODIFIED | ON_QA |
Back to bug 2228462