Bug 1415152

Summary: USGCB/STIG Profile causes SSHD to not start
Product: Red Hat Enterprise Linux 7 Reporter: Jaroslav Reznik <jreznik>
Component: scap-security-guideAssignee: Watson Yuuma Sato <wsato>
Status: CLOSED ERRATA QA Contact: Marek Haicman <mhaicman>
Severity: urgent Docs Contact: Mirek Jahoda <mjahoda>
Priority: high    
Version: 7.3CC: akjain, alee, bstinson, cfu, cww, degts, dsirrine, ebenes, edewata, jmagne, mhaicman, mharmsen, mihai, mjahoda, mpreisle, nkinder, openscap-maint, pvrabec, rsahoo, wsato
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Prior to this update, the OpenSCAP remediation function based on United States Government Configuration Baseline (USGCB) or Security Technical Implementation Guide (STIG) profiles from the SCAP Security Guide incorrectly changed the /etc/ssh/sshd_config file. Consequently, the SSH daemon failed to start and the system was not accessible using the SSH protocol. The remediation function has been fixed and a machine remediated using USGCB or STIG profiles is now accessible by SSH.
 Story Points: ---
Clone Of: 1401069 Environment:
Last Closed: 2017-03-02 17:27:15 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1401069    
Bug Blocks:    

Description Jaroslav Reznik 2017-01-20 12:17:40 UTC 
This bug has been copied from bug #1401069 and has been proposed
to be backported to 7.3 z-stream (EUS).
Comment 5 Marek Haicman 2017-02-16 15:58:46 UTC 
Verified that version scap-security-guide-0.1.30-5.el7_3.noarch contains requested fix.
Comment 6 Marek Haicman 2017-03-01 17:47:45 UTC 
*** Bug 1427920 has been marked as a duplicate of this bug. ***
Comment 8 errata-xmlrpc 2017-03-02 17:27:15 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0390.html