Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1399074

Summary: Evaluation of RHEL6 system after installing it from STIG kickstart reports some failing rules
Product: Red Hat Enterprise Linux 6
Reporter: Matus Marhefka <mmarhefk>
Component: scap-security-guide
Assignee: Watson Yuuma Sato <wsato>
Status: CLOSED WONTFIX
QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium
Docs Contact:
Priority: medium
Version: 6.9
CC: mhaicman, openscap-maint
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-12-06 11:38:28 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description Matus Marhefka 2016-11-28 08:59:29 UTC
Description of problem:
Install RHEL6 system (server variant) from STIG kickstart (ssg-rhel6-stig-ks.cfg) provided by scap-security-guide package. After evaluation of STIG content on the installed system the following rules are failing:
===
These are the unexpected results:
Found 5 nodes:
-- NODE --
<rule-result idref="install_antivirus" time="2016-11-24T04:07:05" severity="low" weight="1.000000">
      <result>fail</result>
      <ident system="http://cce.mitre.org">CCE-27529-7</ident>
      <ident system="http://cce.mitre.org">DISA FSO RHEL-06-000284</ident>
      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
        <check-content-ref name="oval:ssg-install_antivirus:def:1" href="ssg-rhel6-oval.xml" />
      </check>
    </rule-result>-- NODE --
<rule-result idref="accounts_umask_etc_csh_cshrc" time="2016-11-24T04:08:59" severity="low" weight="1.000000">
      <result>fail</result>
      <ident system="http://cce.mitre.org">CCE-27034-8</ident>
      <ident system="http://cce.mitre.org">DISA FSO RHEL-06-000343</ident>
      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
        <check-export export-name="oval:ssg-var_accounts_user_umask:var:1" value-id="var_accounts_user_umask" />
        <check-content-ref name="oval:ssg-accounts_umask_etc_csh_cshrc:def:1" href="ssg-rhel6-oval.xml" />
      </check>
    </rule-result>-- NODE --
<rule-result idref="smartcard_auth" time="2016-11-24T04:09:00" severity="medium" weight="1.000000">
      <result>fail</result>
      <ident system="http://cce.mitre.org">CCE-27440-7</ident>
      <ident system="http://cce.mitre.org">DISA FSO RHEL-06-000349</ident>
      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
        <check-content-ref name="oval:ssg-smartcard_auth:def:1" href="ssg-rhel6-oval.xml" />
      </check>
    </rule-result>-- NODE --
<rule-result idref="rsyslog_files_permissions" time="2016-11-24T04:09:02" severity="medium" weight="1.000000">
      <result>fail</result>
      <ident system="http://cce.mitre.org">CCE-27190-8</ident>
      <ident system="http://cce.mitre.org">DISA FSO RHEL-06-000135</ident>
      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
        <check-content-ref name="oval:ssg-rsyslog_files_permissions:def:1" href="ssg-rhel6-oval.xml" />
      </check>
    </rule-result>-- NODE --
<rule-result idref="rsyslog_remote_loghost" time="2016-11-24T04:09:02" severity="low" weight="1.000000">
      <result>fail</result>
      <ident system="http://cce.mitre.org">CCE-26801-1</ident>
      <ident system="http://cce.mitre.org">DISA FSO RHEL-06-000136</ident>
      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
        <check-content-ref name="oval:ssg-rsyslog_remote_loghost:def:1" href="ssg-rhel6-oval.xml" />
      </check>
    </rule-result>
===

scap-security-guide-0.1.28-3.el6.noarch

How reproducible:
Always

Actual results:
Evaluation of STIG content on the system installed from STIG kickstart reports failing rules.

Expected results:
Evaluation of STIG content on the system installed from STIG kickstart reports that system is STIG compliant.


Additional info:

Comment 1 Matus Marhefka 2016-11-28 09:05:02 UTC
Evaluation of STIG content also reports some 'notchecked' results:
===
These are the unexpected results:
Found 3 nodes:
-- NODE --
<rule-result idref="encrypt_partitions" time="2016-11-24T04:05:07" severity="low" weight="1.000000">
      <result>notchecked</result>
      <ident system="http://cce.mitre.org">CCE-27596-6</ident>
      <ident system="http://cce.mitre.org">DISA FSO RHEL-06-000275</ident>
      <message severity="info">No candidate or applicable check found.</message>
      <check system="ocil-transitional">
        <check-export export-name="encryption must be used and is not employed" value-id="conditional_clause" />
        <check-content xmlns:xhtml="http://www.w3.org/1999/xhtml">
Determine if encryption must be used to protect data on the system. 
</check-content>
      </check>
    </rule-result>-- NODE --
<rule-result idref="install_hids" time="2016-11-24T04:07:05" severity="medium" weight="1.000000">
      <result>notchecked</result>
      <ident system="http://cce.mitre.org">CCE-27409-2</ident>
      <ident system="http://cce.mitre.org">DISA FSO RHEL-06-000285</ident>
      <message severity="info">No candidate or applicable check found.</message>
      <check system="ocil-transitional">
        <check-export export-name="no host-based intrusion detection tools are installed" value-id="conditional_clause" />
        <check-content xmlns:xhtml="http://www.w3.org/1999/xhtml">
Inspect the system to determine if intrusion detection software has been installed. 
Verify this intrusion detection software is active.
</check-content>
      </check>
    </rule-result>-- NODE --
<rule-result idref="account_temp_expire_date" time="2016-11-24T04:08:59" severity="low" weight="1.000000">
      <result>notchecked</result>
      <ident system="http://cce.mitre.org">CCE-27474-6</ident>
      <message severity="info">No candidate or applicable check found.</message>
      <check system="ocil-transitional">
        <check-export export-name="any temporary or emergency accounts have no expiration date set or do not expire within a documented time frame" value-id="conditional_clause" />
        <check-content xmlns:xhtml="http://www.w3.org/1999/xhtml">
For every temporary and emergency account, run the following command
to obtain its account aging and expiration information:
<html:pre xmlns:html="http://www.w3.org/1999/xhtml">$ sudo chage -l <html:i>USER</html:i></html:pre>
Verify each of these accounts has an expiration date set as documented.
</check-content>
      </check>
    </rule-result>
===

Why are these rules 'notchecked'?
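
An added example, not part of the bug report or of scap-security-guide: a small Python triage of XCCDF `rule-result` elements like those quoted in the description and Comment 1, separating results whose check references external content (a `check-content-ref`, as in the OVAL-backed failures) from results that carry only inline check text (as in the `ocil-transitional` ones). The sample is trimmed from the quoted output and wrapped in a constructed root element; `triage`, `local` and the `has_content_ref` key are hypothetical names.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Sample: two rule-results trimmed from the output quoted in the report, wrapped
# in a constructed <TestResult> root so the fragment parses as one document.
SAMPLE = """<TestResult>
<rule-result idref="install_antivirus" severity="low">
  <result>fail</result>
  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
    <check-content-ref name="oval:ssg-install_antivirus:def:1" href="ssg-rhel6-oval.xml" />
  </check>
</rule-result>
<rule-result idref="encrypt_partitions" severity="low">
  <result>notchecked</result>
  <message severity="info">No candidate or applicable check found.</message>
  <check system="ocil-transitional">
    <check-content>Determine if encryption must be used to protect data on the system.</check-content>
  </check>
</rule-result>
</TestResult>"""

def local(tag):
    """Drop any '{namespace}' prefix so namespaced result files match too."""
    return tag.rsplit("}", 1)[-1]

def triage(xml_text):
    """Group rule-results by outcome and record what kind of check backed each."""
    buckets = defaultdict(list)
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "rule-result":
            continue
        fields = {local(c.tag): c for c in el}
        check, msg = fields.get("check"), fields.get("message")
        buckets[fields["result"].text.strip()].append({
            "rule": el.get("idref"),
            "severity": el.get("severity"),
            "check_system": check.get("system") if check is not None else None,
            # True when the check points at external content such as an OVAL definition
            "has_content_ref": check is not None and any(
                local(c.tag) == "check-content-ref" for c in check),
            "message": msg.text.strip() if msg is not None else None,
        })
    return dict(buckets)

if __name__ == "__main__":
    for outcome, rules in triage(SAMPLE).items():
        for r in rules:
            kind = "content ref" if r["has_content_ref"] else "inline text only"
            print(f"{outcome:11} {r['rule']:20} {r['check_system']} ({kind})")
```
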

Comment 6 Jan Kurik 2017-12-06 11:38:28 UTC
Red Hat Enterprise Linux 6 is in the Production 3 Phase. During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available.

The official life cycle policy can be reviewed here:

http://redhat.com/rhel/lifecycle

This issue does not meet the inclusion criteria for the Production 3 Phase and will be marked as CLOSED/WONTFIX. If this remains a critical requirement, please contact Red Hat Customer Support to request a re-evaluation of the issue, citing a clear business justification. Note that a strong business justification will be required for re-evaluation. Red Hat Customer Support can be contacted via the Red Hat Customer Portal at the following URL:

https://access.redhat.com/