Bug 2168056
| Summary: | DISA STIG: SCAP kerberos related findings after realm join [rhel-8.4.0.z] | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | RHEL Program Management Team <pgm-rhel-tools> |
| Component: | scap-security-guide | Assignee: | Gabriel Gaspar Becker <ggasparb> |
| Status: | CLOSED ERRATA | QA Contact: | Milan Lysonek <mlysonek> |
| Severity: | low | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 8.6 | CC: | ekolesni, ggasparb, jafiala, mhaicman, mlysonek, mmarhefk, vpolasek, wsato |
| Target Milestone: | rc | Keywords: | AutoVerified, Triaged, ZStream |
| Target Release: | --- | Flags: | pm-rhel:
mirror+
|
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | scap-security-guide-0.1.66-1.el8_4 | Doc Type: | Bug Fix |
| Doc Text: |
.Old Kerberos rules changed to `notapplicable` in new versions of RHEL
Previously, some Kerberos-related rules failed while scanning against the DISA STIG profile on RHEL 8.2 and later systems in FIPS mode, even though the system should have been compliant. This was caused by the following rules:
* `xccdf_org.ssgproject.content_rule_package_krb5-server_removed`
* `xccdf_org.ssgproject.content_rule_package_krb5-workstation_removed`
* `xccdf_org.ssgproject.content_rule_kerberos_disable_no_keytab`
This update makes these rules not applicable for RHEL versions 8.2 and later. As a result, the scan correctly returns `notapplicable` for these rules.
|
Story Points: | --- |
| Clone Of: | 2099394 | Environment: | |
| Last Closed: | 2023-03-14 13:59:43 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2099394 | ||
| Bug Blocks: | |||
|
Comment 10
errata-xmlrpc
2023-03-14 13:59:43 UTC
|