.STIG-specific default banner text removed from other profiles
Previously, banner text from the STIG profile was used as default by other profiles that did not have a default text defined, such as CIS. As a consequence, systems using these profiles were configured with the specific text required by DISA. With this update, a generic default text was created and a standard CIS banner aligned with the guidelines was defined. As a result, profiles based on guidelines which explicitly require a text banner are now aligned with the requirements and set the correct text.
Description of problem:
We are scanning our systems for compliance with the RHEL 8 CIS policy.. The following 2 rules are not CIS and should be not there.
~~~
Actual results:
Title Modify the System Message of the Day Banner
Rule xccdf_org.ssgproject.content_rule_banner_etc_motd
Ident CCE-83496-0
Result fail
Title Modify the System Login Banner
Rule xccdf_org.ssgproject.content_rule_banner_etc_issue
Ident CCE-80763-6
Result fail
~~~
Both of these rules are to do with banner of /etc/motd and are to do with US government banner message..
Version-Release number of selected component (if applicable):
scap-security-guide-0.1.54-5.el8.noarch
How reproducible:
Always
Steps to Reproduce:
1. Register server on Insights portal
2. Assign RHEL 8 CIS policy to the server
3. Run "insights-client --compliance" command on server.
Actual results:
The following 2 rules are marked as false positive:
~~~
Modify the System Message of the Day Banner
Modify the System Login Banner
~~~
Expected results:
These rules does not exist in CIS. These are NIST rules.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (scap-security-guide bug fix and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2022:1900