Bug 1662627
| Summary: | Remediation script not working correctly and OpenSCAP report is showing incorrect report. | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Pooja Trivedi <ptrivedi> | ||||||
| Component: | scap-security-guide | Assignee: | Vojtech Polasek <vpolasek> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | Jan Černý <jcerny> | ||||||
| Severity: | medium | Docs Contact: | |||||||
| Priority: | medium | ||||||||
| Version: | 8.1 | CC: | cparadka, ggasparb, inecas, jcerny, mhaicman, openscap-maint, ptrivedi, wsato | ||||||
| Target Milestone: | rc | ||||||||
| Target Release: | 8.2 | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | scap-security-guide-0.1.47-1.el8 | Doc Type: | If docs needed, set a value | ||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2020-04-28 15:30:41 UTC | Type: | Bug | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
Created attachment 1517565 [details]
Tailored Openscap file
I believe correct component for this bug is SSG. This issue was not selected to be included in Red Hat Enterprise Linux 7.8 because it is seen either as low or moderate impact to a small number of use-cases. The next release will be in Maintenance Support 1 Phase, which means that qualified Critical and Important Security errata advisories (RHSAs) and Urgent Priority Bug Fix errata advisories (RHBAs) may be released as they become available. We are deferring this issue to Red Hat Enterprise Linux 8, but if you believe that it qualifies for the Maintenance Support 1 Phase, please re-open. I have run the upstream test scenarios for rule service_atd_disabled against the datastream present in scap-security-guide-0.1.47-1.el8.noarch
8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---
[jcerny@thinkpad tests{master}]$ python3 test_suite.py rule --libvirt qemu:///system ssgts_rhel8 --profile '(all)' --datastream ~/downstream/scap-security-guide-0.1.47-1.el8/usr/share/xml/scap/ssg/content/ssg-
rhel8-ds.xml service_atd_disabled
Setting console output to log level INFO
INFO - The base image option has not been specified, choosing libvirt-based test environment.
INFO - Logging into /home/jcerny/scap-security-guide/tests/logs/rule-custom-2019-11-19-1531/test_suite.log
INFO - xccdf_org.ssgproject.content_rule_service_atd_disabled
INFO - Script service_enabled.fail.sh using profile (all) OK
INFO - Script service_disabled_rpcstatd_enabled.pass.sh using profile (all) OK
INFO - Script service_disabled.pass.sh using profile (all) OK
8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:1583 |
Created attachment 1517564 [details] Remediation script Description of problem: Remediation script not working correctly and Openscp report is showing incorrect report. How reproducible: Steps to Reproduce: 1. Use the attached Remediation script and run the tailored Openscap file 2. The Openscap report will show atd service test failed even though the service is stopped. 3. If we run the tailored Openscap file directly without the Remediation script the Openscap report shows correct test output for atd service. Actual results: The Openscap report will show atd service test failed even though the service is stopped. Expected results: The Openscap report should show correct test report with remediation script as well. Additional info: Attached the files.