Bug 1465675

Summary: 14 audit related rules fail to remediate on fresh installed system
Product: Red Hat Enterprise Linux 7
Reporter: Marek Haicman <mhaicman>
Component: scap-security-guide
Assignee: Jan Černý <jcerny>
Status: CLOSED ERRATA
QA Contact: Watson Yuuma Sato <wsato>
Severity: medium
Priority: medium
Version: 7.4
CC: jcerny, jwojcik, mhaicman, openscap-maint
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Fixed In Version: scap-security-guide-0.1.43-1.el7
Doc Type: If docs needed, set a value
Story Points: ---
Last Closed: 2019-08-06 13:04:08 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---

Description Marek Haicman 2017-06-27 22:43:21 UTC
Description of problem:
When remediations of complex profiles shipped in scap-security-guide are applied to a freshly installed system (note: not using anaconda, but after the installation is finished), 14 audit-related rules stay non-compliant. These rules are:

C2S and CJIS profiles:
xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading

OSPP, STIG profiles:
xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat
xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open
xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat
xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at
xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate
xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate
--
xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init
xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete
--
xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group
xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow
xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow
xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd
xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd



Version-Release number of selected component (if applicable):
scap-security-guide-0.1.33-5.el7.noarch

How reproducible:
reliably

Steps to Reproduce:
1. install fresh RHEL7.4 machine
2. run remediation of one of the aforementioned profiles

Actual results:
Rules still failing after the remediation

Expected results:
Rules passing after the remediation

Additional info:

Comment 1 Watson Yuuma Sato 2017-11-16 16:22:11 UTC
On RHEL7.4 with scap-security-guide-0.1.36, a scan after remediation of the following rules reports pass:
rule_audit_rules_unsuccessful_file_modification_*
rule_audit_rules_usergroup_modification_*

But Rule xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading errors on remediation.
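The check described in the report and in Comment 1 (which audit rules still fail, and which error, after remediation), as an added example that is not part of the bug report or of scap-security-guide. It assumes an XCCDF 1.2 results document whose last TestResult is the post-remediation scan; the sample XML, the TestResult ids and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XCCDF = "{http://checklists.nist.gov/xccdf/1.2}"
# Results that need no follow-up; anything else (fail, error, unknown, ...) is reported.
OK = {"pass", "fixed", "notselected", "notapplicable", "informational"}

# Constructed sample, not real scan output: one scan before and one after remediation.
SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2">
 <TestResult id="constructed_before_remediation">
  <rule-result idref="xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd"><result>fail</result></rule-result>
  <rule-result idref="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading"><result>fail</result></rule-result>
 </TestResult>
 <TestResult id="constructed_after_remediation">
  <rule-result idref="xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd"><result>pass</result></rule-result>
  <rule-result idref="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open"><result>fail</result></rule-result>
  <rule-result idref="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading"><result>error</result></rule-result>
  <rule-result idref="xccdf_org.example.content_rule_constructed_non_audit_rule"><result>fail</result></rule-result>
 </TestResult>
</Benchmark>"""


def open_findings(results_xml, needle="_audit_rules_"):
    """Return {rule id: result} for matching rules that are not compliant
    in the last TestResult of the document (assumed to be the final scan)."""
    root = ET.fromstring(results_xml)
    runs = list(root.iter(XCCDF + "TestResult"))  # iter() also matches the root
    if not runs:
        raise ValueError("no XCCDF 1.2 TestResult element found")
    findings = {}
    for rule_result in runs[-1].iter(XCCDF + "rule-result"):
        rule = rule_result.get("idref", "")
        result = (rule_result.findtext(XCCDF + "result") or "unknown").strip()
        if needle in rule and result not in OK:
            findings[rule] = result
    return findings


if __name__ == "__main__":
    # "fail" means the rule is still non-compliant; "error" means the check
    # or the fix itself broke, which is the case Comment 1 reports.
    for rule, result in sorted(open_findings(SAMPLE).items()):
        print(f"{result:5}  {rule}")
```
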

Comment 2 Watson Yuuma Sato 2018-11-26 13:38:54 UTC
This commit https://github.com/ComplianceAsCode/content/commit/8c6107f26a fixes Rule xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading errors on RHEL7.6.

Comment 9 errata-xmlrpc 2019-08-06 13:04:08 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2198