Bug 1765981
| Summary: | oscap is testing for audispd on rhel8 | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | David Pinkerton <dpinkerton> |
| Component: | scap-security-guide | Assignee: | Watson Yuuma Sato <wsato> |
| Status: | CLOSED ERRATA | QA Contact: | Matus Marhefka <mmarhefk> |
| Severity: | low | Priority: | medium |
| Version: | 8.0 | CC: | ggasparb, mhaicman, mmarhefk |
| Target Milestone: | rc | Flags: | pm-rhel: mirror+ |
| Target Release: | 8.0 | Hardware: | x86_64 |
| OS: | Linux | Type: | Bug |
| Fixed In Version: | scap-security-guide-0.1.49-1.el8 | Doc Type: | No Doc Update |
| Last Closed: | 2020-11-04 02:29:53 UTC | | |
As can be seen from the screenshot, the OVAL correctly checks /etc/auditd/plugins.d/ and not /etc/audisp/plugins.d/. Only the rule title and description need to be updated. It hasn't been completed in https://github.com/ComplianceAsCode/content/pull/3620 which introduced the update of content for Audit >= 3.0 which is present in RHEL8. Switching to correct component.

The Rule 'auditd_audispd_syslog_plugin_activated' has been fixed to check for the right config files, done in PR mentioned in Comment 1. The rule now passes on 'OSPP' but fails on 'PCI-DSS'. The difference is the 'PCI-DSS' profile doesn't install 'audispd-plugin'.
Proposed fix: https://github.com/ComplianceAsCode/content/pull/5124

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (scap-security-guide bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2020:4626
Created attachment 1629656: screenshot of test results

Description of problem:
openscap (ospp and pci-dss profiles) are failing on audispd which is not included in RHEL8

Version-Release number of selected component (if applicable):
openscap-1.3.0-7.el8.x86_64
openscap-scanner-1.3.0-7.el8.x86_64
scap-security-guide-0.1.42-11.el8.noarch

How reproducible:

Steps to Reproduce:
1. install rhel8 and scap packages
2. /usr/bin/oscap xccdf eval --oval-results --profile ospp --report /tmp/$(hostname).html /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml

Actual results:
Test: Configure auditd to use audispd's syslog plugin : FAILED

Expected results:
should not be tested

Additional info:
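When this rule fails, the comments above point to three different causes: the config exists only in the old plugin directory, the plugin is present but not enabled, or the plugin package is not installed at all. The following shell functions are an added example, not code from this bug report or from scap-security-guide, that tell those cases apart. Assumptions: the plugin config file is named syslog.conf and is enabled by a line `active = yes`; the two plugin directories are passed in by the caller.

```shell
#!/bin/sh
# Added example: triage a FAIL of the syslog-plugin rule.
# Assumed (not stated in the bug report): config file name "syslog.conf",
# enable key "active = yes". Directory paths come from the caller.

# plugin_state DIR -> prints: active | inactive | missing
plugin_state() {
    conf="$1/syslog.conf"
    [ -f "$conf" ] || { echo missing; return 0; }
    # Take the last uncommented "active" assignment in the file;
    # whitespace around "=" is optional. Only the literal "yes" counts.
    val=$(sed -n 's/^[[:space:]]*active[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$conf" | tail -n 1)
    if [ "$val" = "yes" ]; then echo active; else echo inactive; fi
}

# triage NEW_DIR LEGACY_DIR -> prints a one-line verdict
triage() {
    new=$(plugin_state "$1")
    old=$(plugin_state "$2")
    case "$new:$old" in
        active:*)
            echo "pass: syslog plugin active in $1" ;;
        inactive:*)
            echo "fail: plugin config present in $1 but not active" ;;
        missing:active|missing:inactive)
            echo "fail: config only in legacy dir $2" ;;
        missing:missing)
            # Inference: matches the profile that does not install the plugin package
            echo "fail: no plugin config found, plugin package likely not installed" ;;
    esac
}
```

Call `triage` with the current plugin directory first and the legacy one second, using the two directories named in the comments.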