Bug 1970131
Summary: | Add STIG variant for GUI installations | |
---|---|---|---
Product: | Red Hat Enterprise Linux 7 | Reporter: | Marek Haicman <mhaicman>
Component: | scap-security-guide | Assignee: | Vojtech Polasek <vpolasek>
Status: | CLOSED ERRATA | QA Contact: | Matus Marhefka <mmarhefk>
Severity: | medium | Docs Contact: | Jan Fiala <jafiala>
Priority: | high | |
Version: | 7.9 | CC: | ggasparb, jafiala, jreznik, mhaicman, mlysonek, vpolasek, wsato
Target Milestone: | rc | Keywords: | Triaged, ZStream
Hardware: | Unspecified | |
OS: | Unspecified | |
Fixed In Version: | scap-security-guide-0.1.54-4.el7_9 | Doc Type: | No Doc Update
Last Closed: | 2021-07-21 01:06:27 UTC | Type: | Bug

Description
Marek Haicman
2021-06-09 20:56:11 UTC
Upstream patch is here: https://github.com/ComplianceAsCode/content/pull/6863

Created attachment 1794309
HTML report from scan of a system installed with STIG GUI profile (Server with GUI install)

Verified for scap-security-guide-0.1.54-6.el7_9

Status of STIG GUI (stig_gui) profile v3r3:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Rules without Bash and Ansible remediations (remediations are omitted on purpose):
  grub2_password
  package_MFEhiplsm_installed
  install_antivirus
  set_firewalld_default_zone
  network_configure_name_resolution

Rules with missing Ansible remediations:
  aide_verify_ext_attributes
  aide_verify_acls
  aide_use_fips_hashes
  aide_scan_notification
  configure_firewalld_ports
  postfix_prevent_unrestricted_relay
  chronyd_or_ntpd_set_maxpoll
  smartcard_auth

Known issues:
  rpm_verify_hashes - fails because rule require_singleuser_auth modifies /usr/lib/systemd/system/rescue.service
  sysctl_net_ipv4_ip_forward - bz1825810
  dconf_gnome_screensaver_idle_activation_enabled, dconf_gnome_screensaver_idle_delay, dconf_gnome_disable_automount_open - bz1976123
  out of memory issue - caused by bz1861300, system might run out of memory in case a scan is performed on RHEL-7.9 GUI installation with minimal system requirements and openscap-1.2.17-11.el7 (manifests through the rpm_verify_hashes rule, openscap subprocess is killed and the rule results in "unknown"), it is recommended to use openscap-1.2.17-13.el7_9 which mitigates this issue

HTML report from scan of a system installed with STIG profile is attached as stig_gui.html (Server with GUI install).

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (scap-security-guide bug fix and enhancement update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:2803