Back to bug 2228474
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Red Hat Bugzilla | 2023-08-02 12:25:55 UTC | Pool ID | sst_security_compliance_rhel_8 | |
| Red Hat One Jira (issues.redhat.com) | 2023-08-02 12:27:08 UTC | Link ID | Red Hat Issue Tracker RHELPLAN-164144 | |
| Milan Lysonek | 2023-08-02 13:29:47 UTC | Doc Type | If docs needed, set a value | Bug Fix |
| Doc Text | Cause: Following SCAP rules relevant to /var/log and /var/log/audit partitions were evaluated / remediated without first checking if the appropriate disk partition exists: - mount_option_var_log_audit_nodev - mount_option_var_log_audit_noexec - mount_option_var_log_audit_nosuid - mount_option_var_log_nodev - mount_option_var_log_noexec - mount_option_var_log_nosuid Consequence: Although directories /var/log or /var/log/audit were not mount points for individual partitions, rules were still evaluated and they were reported as failing in the final report. But they should not be evaluated at all. Fix: An applicability check was added so that if /var/log or /var/log/audit are not mount points for individual partitions, rules are not evaluated. Result: Rules are marked as "not applicable" in the final report. |
|||
| Vojtech Polasek | 2023-08-04 07:28:07 UTC | Status | NEW | POST |
| AutoMiloš | 2023-08-08 12:07:00 UTC | Fixed In Version | scap-security-guide-0.1.69-1.el8_6 | |
| Keywords | AutoVerified | |||
| Matus Marhefka | 2023-08-08 12:18:49 UTC | Keywords | AutoVerified | |
| Status | POST | MODIFIED | ||
| Matus Marhefka | 2023-08-08 12:19:24 UTC | Keywords | AutoVerified | |
| Status | MODIFIED | NEW | ||
| Matus Marhefka | 2023-08-08 12:20:15 UTC | Status | NEW | MODIFIED |
| errata-xmlrpc | 2023-08-10 10:00:55 UTC | Status | MODIFIED | ON_QA |
| Milan Lysonek | 2023-08-14 14:36:31 UTC | Status | ON_QA | VERIFIED |
| Doc Text | Cause: Following SCAP rules relevant to /var/log and /var/log/audit partitions were evaluated / remediated without first checking if the appropriate disk partition exists: - mount_option_var_log_audit_nodev - mount_option_var_log_audit_noexec - mount_option_var_log_audit_nosuid - mount_option_var_log_nodev - mount_option_var_log_noexec - mount_option_var_log_nosuid Consequence: Although directories /var/log or /var/log/audit were not mount points for individual partitions, rules were still evaluated and they were reported as failing in the final report. But they should not be evaluated at all. Fix: An applicability check was added so that if /var/log or /var/log/audit are not mount points for individual partitions, rules are not evaluated. Result: Rules are marked as "not applicable" in the final report. | Cause: Following SCAP rules relevant to /var/log and /var/log/audit partitions were evaluated / remediated without first checking if the appropriate disk partition exists: - mount_option_var_log_audit_nodev - mount_option_var_log_audit_noexec - mount_option_var_log_audit_nosuid - mount_option_var_log_nodev - mount_option_var_log_noexec - mount_option_var_log_nosuid Consequence: Although directories /var/log or /var/log/audit were not mount points for individual partitions, rules were still evaluated and they were reported as failing in the final report. But they should not be evaluated at all. Fix: An applicability check was added so that if /var/log or /var/log/audit are not mount points for individual partitions, rules are not evaluated. Result: Rules are marked as "not applicable" in the final report. | ||
| QA Contact | qe-baseos-security | mlysonek |
Back to bug 2228474