Bug 1547694
Summary: | Rule audit_rules_kernel_module_loading does not remediate properly |
---|---|
Product: | Red Hat Enterprise Linux 7 |
Reporter: | kat <kbost> |
Component: | scap-security-guide |
Assignee: | Watson Yuuma Sato <wsato> |
Status: | CLOSED ERRATA |
QA Contact: | Marek Haicman <mhaicman> |
Severity: | high |
Priority: | high |
Version: | 7.4 |
CC: | mhaicman, mthacker, openscap-maint, toneata, yhuang, zpytela |
Target Milestone: | rc |
Keywords: | ZStream |
Hardware: | All |
OS: | Linux |
Fixed In Version: | scap-security-guide-0.1.39-1.el7 |
Last Closed: | 2018-10-30 11:46:47 UTC |
Type: | Bug |
Bug Blocks: | 1571319, 1572136 |
Description
kat
2018-02-21 18:12:40 UTC

The problem is that the OVAL check expects both b64 and b32 rules to be present. This is not expressed in the description of the rule, nor taken into account in the remediation script. But it is correct behaviour. Thus, if you want to pass, you need to add another line catching b32 into /etc/audit/rules.d/modules.rules.

Containing this, the rule will pass:

```
-a always,exit -F arch=b32 -S init_module -S delete_module -k modules
-a always,exit -F arch=b64 -S init_module -S delete_module -k modules
-w /usr/sbin/insmod -p x -k modules
-w /usr/sbin/rmmod -p x -k modules
-w /usr/sbin/modprobe -p x -k modules
```

For RHEL7 DataStream fixed upstream: https://github.com/OpenSCAP/scap-security-guide/pull/2614

*** Bug 1554932 has been marked as a duplicate of this bug. ***

Verified for version scap-security-guide-0.1.40-5.el7

Tested with SSG Test Suite, on the commit
commit 2dc31c16cc6aa961d1e93e17b0f08ab83a82abfd

With command line arguments:

```
--libvirt qemu:///system ssg-test-suite-rhel7 --xccdf-id scap_org.open-scap_cref_ssg-rhel7-xccdf-1.2.xml --remediate-using ansible rule_audit_rules_kernel_module_loading
```

DataStream used (md5) : e445217bb8024176edeae9a55137cc48 ./0.1.36-7.rhel7.ds.xml

```
Setting console output to log level INFO
INFO - The base image option has not been specified, choosing libvirt-based test environment.
INFO - Logging into /home/dahaic/RH/git/upstream/dahaic/scap-security-guide/tests/logs/rule-custom-2018-09-17-0037/test_suite.log
INFO - xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading
INFO - Script default.fail.sh using profile xccdf_org.ssgproject.content_profile_C2S OK
INFO - Script syscalls_multiple_per_arg.pass.sh using profile xccdf_org.ssgproject.content_profile_C2S OK
INFO - Script syscalls_one_per_arg.pass.sh using profile xccdf_org.ssgproject.content_profile_C2S OK
INFO - Script syscalls_one_per_line.pass.sh using profile xccdf_org.ssgproject.content_profile_C2S OK
INFO - xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete
ERROR - No profile ends with "xccdf_org.ssgproject.content_profile_ospp"
INFO - xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init
ERROR - No profile ends with "xccdf_org.ssgproject.content_profile_ospp"
INFO - xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_insmod
ERROR - No profile ends with "xccdf_org.ssgproject.content_profile_ospp"
INFO - xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_modprobe
ERROR - No profile ends with "xccdf_org.ssgproject.content_profile_ospp"
INFO - xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_rmmod
ERROR - No profile ends with "xccdf_org.ssgproject.content_profile_ospp"
```

DataStream used (md5) : 1b70337c8805d0107eadbaa89bc11ad5 ./0.1.40-5.rhel7.ds.xml

```
Setting console output to log level INFO
INFO - The base image option has not been specified, choosing libvirt-based test environment.
INFO - Logging into /home/dahaic/RH/git/upstream/dahaic/scap-security-guide/tests/logs/rule-custom-2018-09-17-0040/test_suite.log
INFO - xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading
INFO - Script default.fail.sh using profile xccdf_org.ssgproject.content_profile_C2S OK
INFO - Script syscalls_multiple_per_arg.pass.sh using profile xccdf_org.ssgproject.content_profile_C2S OK
INFO - Script syscalls_one_per_arg.pass.sh using profile xccdf_org.ssgproject.content_profile_C2S OK
INFO - Script syscalls_one_per_line.pass.sh using profile xccdf_org.ssgproject.content_profile_C2S OK
INFO - xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete
INFO - Script default.fail.sh using profile xccdf_org.ssgproject.content_profile_ospp OK
INFO - xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init
INFO - Script default.fail.sh using profile xccdf_org.ssgproject.content_profile_ospp OK
INFO - xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_insmod
INFO - Script default.fail.sh using profile xccdf_org.ssgproject.content_profile_ospp OK
INFO - xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_modprobe
INFO - Script default.fail.sh using profile xccdf_org.ssgproject.content_profile_ospp OK
INFO - xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_rmmod
INFO - Script default.fail.sh using profile xccdf_org.ssgproject.content_profile_ospp OK
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3308
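A check for the condition described in the report, as an added example that is not part of the bug report or of scap-security-guide: it lists which of the b32/b64 syscall rules and watch rules from the quoted rule set are missing from an audit rules file. The function name, its output format and the b64-only sample are constructed here; it is a plain text match on rule lines, not the OVAL check, and it accepts syscalls given as repeated `-S` options, as a comma-separated list, or on separate lines.

```shell
#!/bin/sh
# Added example: not part of the bug report or of scap-security-guide.
# Reads audit rules (files given as arguments, or stdin) and prints each
# required element that is missing; no output means the set is complete.
missing_module_rules() {
    awk '
    # Syscall rule: record every (arch, syscall) pair this line covers.
    $1 == "-a" && $2 == "always,exit" {
        arch = ""; n = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-F" && $(i + 1) ~ /^arch=/) arch = substr($(i + 1), 6)
            if ($i == "-S") {            # accepts "-S a -S b" and "-S a,b"
                m = split($(i + 1), part, ",")
                for (j = 1; j <= m; j++) calls[++n] = part[j]
            }
        }
        for (j = 1; j <= n; j++) seen[arch ":" calls[j]] = 1
    }
    # Watch rule: record the path when execute (x) access is audited.
    $1 == "-w" {
        for (i = 3; i < NF; i++)
            if ($i == "-p" && $(i + 1) ~ /x/) seen["watch:" $2] = 1
    }
    END {
        na = split("b32 b64", A, " ")
        ns = split("init_module delete_module", S, " ")
        for (a = 1; a <= na; a++)
            for (s = 1; s <= ns; s++) {
                k = A[a] ":" S[s]
                if (!(k in seen)) print "syscall " S[s] " arch=" A[a]
            }
        nw = split("/usr/sbin/insmod /usr/sbin/rmmod /usr/sbin/modprobe", W, " ")
        for (w = 1; w <= nw; w++) {
            k = "watch:" W[w]
            if (!(k in seen)) print "watch " W[w]
        }
    }' "$@"
}

# Constructed sample: the rule set from the report with the b32 line left out.
B64_ONLY='-a always,exit -F arch=b64 -S init_module -S delete_module -k modules
-w /usr/sbin/insmod -p x -k modules
-w /usr/sbin/rmmod -p x -k modules
-w /usr/sbin/modprobe -p x -k modules'
# The complete rule set quoted in the report.
COMPLETE="-a always,exit -F arch=b32 -S init_module -S delete_module -k modules
$B64_ONLY"
printf '%s\n' "$B64_ONLY" | missing_module_rules   # lists the two b32 gaps
printf '%s\n' "$COMPLETE" | missing_module_rules   # prints nothing
```

On a host, pass the rules file as an argument, for example `missing_module_rules /etc/audit/rules.d/modules.rules`.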