.Descriptions for `restorecon` and `seunshare` SSG rules fixed
Previously, descriptions for rules "Record Any Attempts to Run restorecon" (CCE-80699-2) and "Record Any Attempts to Run seunshare" (CCE-80933-5) were incorrect.
With this update, the descriptions of these rules are aligned with the automated OVAL check. As a result, applying the fix recommended in the description now correctly fixes these rules.
Created attachment 1841934[details]
A samle test result against RHEL 8.4 server
Description of problem:
Remediations for scan with xccdf_org.ssgproject.content_profile_ism_o do not actually remediate failed test results
Version-Release number of selected component (if applicable):
scap-security-guide-0.1.57-5.el8.noarch.rpm
How reproducible:
100%
Steps to Reproduce:
1. Run evaluation with:
Profile ID xccdf_org.ssgproject.content_profile_ism_o
Benchmark ID xccdf_org.ssgproject.content_benchmark_RHEL-8
2. The test report includes failed results for
- Record Any Attempts to Run restorecon
- Record Any Attempts to Run seunshare
Respective remediation is to add audit rules:
-a always,exit -F path=/usr/sbin/restorecon -F auid>=1000 -F auid!=unset -F key=privileged
-a always,exit -F path=/usr/sbin/seunshare -F auid>=1000 -F auid!=unset -F key=privileged
3. Re-run of the evaluation will not remediate these two errors.
The actual audit rules required to remediate failed results are respectively:
-a always,exit -F path=/usr/sbin/restorecon -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged
-a always,exit -F path=/usr/sbin/seunshare -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged
Actual results:
"Description" in the test report do not remediate failed results.
Expected results:
"Description" in the test report remediates failed results.
Additional info:
Comment 2Gabriel Gaspar Becker
2021-11-16 12:29:08 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (scap-security-guide bug fix and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2022:1900
Created attachment 1841934 [details] A samle test result against RHEL 8.4 server Description of problem: Remediations for scan with xccdf_org.ssgproject.content_profile_ism_o do not actually remediate failed test results Version-Release number of selected component (if applicable): scap-security-guide-0.1.57-5.el8.noarch.rpm How reproducible: 100% Steps to Reproduce: 1. Run evaluation with: Profile ID xccdf_org.ssgproject.content_profile_ism_o Benchmark ID xccdf_org.ssgproject.content_benchmark_RHEL-8 2. The test report includes failed results for - Record Any Attempts to Run restorecon - Record Any Attempts to Run seunshare Respective remediation is to add audit rules: -a always,exit -F path=/usr/sbin/restorecon -F auid>=1000 -F auid!=unset -F key=privileged -a always,exit -F path=/usr/sbin/seunshare -F auid>=1000 -F auid!=unset -F key=privileged 3. Re-run of the evaluation will not remediate these two errors. The actual audit rules required to remediate failed results are respectively: -a always,exit -F path=/usr/sbin/restorecon -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged -a always,exit -F path=/usr/sbin/seunshare -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged Actual results: "Description" in the test report do not remediate failed results. Expected results: "Description" in the test report remediates failed results. Additional info: