Back to bug 2228463

Who	When	What	Removed	Added
Red Hat Bugzilla	2023-08-02 12:21:21 UTC	Pool ID		sst_security_compliance_rhel_9
Red Hat One Jira (issues.redhat.com)	2023-08-02 12:21:56 UTC	Link ID		Red Hat Issue Tracker RHELPLAN-164137
Milan Lysonek	2023-08-02 14:22:27 UTC	Doc Type	If docs needed, set a value	Bug Fix
		Doc Text		.Rules checking home directories apply only to local users Multiple compliance profiles provided by the `scap-security-guide` package contain rules checking the correct configuration of user home directories. Specifically, we are talking about these rules: - accounts_user_interactive_home_directory_exists - accounts_users_home_files_groupownership - accounts_user_dot_group_ownership - accounts_users_home_files_permissions - accounts_umask_interactive_users - accounts_user_dot_user_ownership - file_permissions_home_directories - file_groupownership_home_directories - file_ownership_home_directories - accounts_users_home_files_ownership Previously, these rules checked not only configuration of local users but they also evaluated configuration of remote users provided by network sources such as NSS. This behavior was caused by using the `getpwent()` system call in the OpenSCAP scanner. This behavior wasn't desired, behavior the remediation scripts weren't able to change the configuration of the remote users. Therefore, the internal implementation of the aforementioned rules has been changed to depend only on data present in the "/etc/passwd" file. That means no other sources of user metadata are read by the rules. As a result, the rules now consider only local users configuration.
Vojtech Polasek	2023-08-03 09:19:31 UTC	Status	NEW	POST
Jiri Jaburek	2023-08-08 16:25:45 UTC	Fixed In Version		scap-security-guide-0.1.69-1.el9_0
		Status	POST	MODIFIED
errata-xmlrpc	2023-08-10 08:15:00 UTC	Status	MODIFIED	ON_QA
Matus Marhefka	2023-08-14 08:00:19 UTC	Status	ON_QA	VERIFIED
		QA Contact	qe-baseos-security	mmarhefk

Back to bug 2228463