Bug 1754553
| Summary: | Rule mount_option_dev_shm_noexec fails after kickstart installation | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Milan Lysonek <mlysonek> | ||||||||
| Component: | scap-security-guide | Assignee: | Matěj Týč <matyc> | ||||||||
| Status: | CLOSED ERRATA | QA Contact: | Gabriel Gaspar Becker <ggasparb> | ||||||||
| Severity: | high | Docs Contact: | Eric Christensen <sparks> | ||||||||
| Priority: | high | ||||||||||
| Version: | 7.8 | CC: | ggasparb, jcerny, matyc, mhaicman, openscap-maint, sparks, vpolasek | ||||||||
| Target Milestone: | rc | Keywords: | Bugfix | ||||||||
| Target Release: | 7.8 | ||||||||||
| Hardware: | Unspecified | ||||||||||
| OS: | Unspecified | ||||||||||
| Whiteboard: | |||||||||||
| Fixed In Version: | scap-security-guide-0.1.46-4.el7 | Doc Type: | No Doc Update | ||||||||
| Doc Text: | Story Points: | --- | |||||||||
| Clone Of: | Environment: | ||||||||||
| Last Closed: | 2020-03-31 19:38:32 UTC | Type: | Bug | ||||||||
| Regression: | --- | Mount Type: | --- | ||||||||
| Documentation: | --- | CRM: | |||||||||
| Verified Versions: | Category: | --- | |||||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||||
| Embargoed: | |||||||||||
| Attachments: |
|
||||||||||
A fix has been proposed to the upstream in https://github.com/ComplianceAsCode/content/pull/4959 Created attachment 1635757 [details]
Contains report from older version of package
Report containing occurrence of failing rule.
Created attachment 1635758 [details]
Contains report from newer version of package
Report containing occurrence of passing rule.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:1019 |
Created attachment 1618234 [details] Report from OAA Description of problem: After installing RHEL 7.8 with kickstart using OSPP profile rule xccdf_org.ssgproject.content_rule_mount_option_dev_shm_noexec (Add noexec Option to /dev/shm) fails. Version-Release number of selected component (if applicable): scap-security-guide-0.1.46-1.el7.noarch.rpm How reproducible: 100% Steps to Reproduce: 1. Install RHEL 7.8 with OSPP kickstart 2. Scan machine with "oscap xccdf eval --rule xccdf_org.ssgproject.content_rule_mount_option_dev_shm_noexec --profile xccdf_org.ssgproject.content_profile_ospp /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml" OR check OAA report in /root/openscap_data folder Actual results: xccdf_org.ssgproject.content_rule_mount_option_dev_shm_noexec is failing after kickstart installation. Expected results: xccdf_org.ssgproject.content_rule_mount_option_dev_shm_noexec passes after kickstart installation. Additional info: OAA report is attached. It contains some output from remediation: Fix execution completed and returned: 0 mount: /etc/fstab: parse error: ignore entry at line 19. Failed to verify applied fix: Checking engine returns: fail