Bug 2168072
Summary: | Two CIS Level 2 Benchmarks are listed in scap-security-guide under CIS Level 1 Profile [rhel-8.7.0.z] | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | RHEL Program Management Team <pgm-rhel-tools> |
Component: | scap-security-guide | Assignee: | Vojtech Polasek <vpolasek> |
Status: | CLOSED ERRATA | QA Contact: | Milan Lysonek <mlysonek> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 8.7 | CC: | abjoshi, ggasparb, mhaicman, mlysonek, wsato |
Target Milestone: | rc | Keywords: | Triaged, ZStream |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | scap-security-guide-0.1.66-1.el8_7 | Doc Type: | Bug Fix |
Doc Text: |
Cause:
The following rules were present in incorrect CIS profiles.
kernel_module_udf_disabled, sudo_require_authentication and kernel_module_squashfs_disabled were incorrectly placed in CIS Server Level 1 and CIS Workstation Level 1; they should be only in CIS Server Level 2 and CIS Workstation Level 2.
package_libselinux_installed, grub2_enable_selinux, selinux_policytype, selinux_confinement_of_daemons, rsyslog_nolisten, service_systemd-journald_enabled: these rules were also added to CIS Server Level 1 and to CIS Workstation Level 1.
package_setroubleshoot_removed, package_mcstrans_removed: these rules were added to CIS Server Level 1.
The profiles cis, cis_server_l1, cis_workstation_l1, and cis_workstation_l2 represent the four possible variants of the CIS benchmark.
Consequence:
When scanning a system with a variant of the CIS profile, some rules could be left out, or extra rules could be checked, compared to the CIS benchmark.
Fix:
Misaligned rules were assigned to the correct CIS profile variants. No new rules were introduced and no rules were entirely removed.
Result:
SCAP CIS profiles should be better aligned with the original CIS benchmark.
|
Story Points: | --- |
Clone Of: | 2162803 | Environment: | |
Last Closed: | 2023-02-21 07:15:08 UTC | Type: | --- |
Bug Depends On: | 2162803 | ||
Bug Blocks: |
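The misplacement described in the Doc Text can be checked against a content file. The following is an added example, not code from scap-security-guide or from this bug: it reports which of the three Level 2 rules are selected by the Level 1 profiles in an XCCDF 1.2 document. It assumes the usual `xccdf_org.ssgproject.content_` ID prefixes, that rules are unselected by default, and that each profile lists its selections directly (no `extends`); the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

NS = {"x": "http://checklists.nist.gov/xccdf/1.2"}
RULE = "xccdf_org.ssgproject.content_rule_"        # assumed ID prefix
PROFILE = "xccdf_org.ssgproject.content_profile_"  # assumed ID prefix

# Rules the Doc Text says belong only to the Level 2 variants.
L2_ONLY = {"kernel_module_udf_disabled", "sudo_require_authentication",
           "kernel_module_squashfs_disabled"}
L1_PROFILES = ("cis_server_l1", "cis_workstation_l1")

def selected_rules(root, profile):
    """Short names of rules a profile selects; a later <select> overrides an earlier one."""
    prof = root.find(f".//x:Profile[@id='{PROFILE}{profile}']", NS)
    if prof is None:
        raise KeyError(f"profile not found: {profile}")
    state = {}
    for sel in prof.findall("x:select", NS):
        idref = sel.get("idref", "")
        if idref.startswith(RULE):
            state[idref[len(RULE):]] = sel.get("selected") in ("true", "1")
    return {name for name, on in state.items() if on}

def misplaced_l2_rules(xml_text):
    """Map each Level 1 profile to the Level 2-only rules it still selects."""
    root = ET.fromstring(xml_text)
    return {p: sorted(selected_rules(root, p) & L2_ONLY) for p in L1_PROFILES}

# Constructed sample: the server profile shows the misplacement,
# the workstation profile shows the aligned state.
SAMPLE = f"""<Benchmark xmlns="{NS['x']}">
  <Profile id="{PROFILE}cis_server_l1">
    <select idref="{RULE}selinux_policytype" selected="true"/>
    <select idref="{RULE}kernel_module_udf_disabled" selected="true"/>
  </Profile>
  <Profile id="{PROFILE}cis_workstation_l1">
    <select idref="{RULE}selinux_policytype" selected="true"/>
    <select idref="{RULE}kernel_module_squashfs_disabled" selected="false"/>
  </Profile>
</Benchmark>"""

if __name__ == "__main__":
    for profile, rules in misplaced_l2_rules(SAMPLE).items():
        print(profile, "->", rules or "aligned")
```

An empty list for both Level 1 profiles is the state the fix describes.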
Comment 13
errata-xmlrpc
2023-02-21 07:15:08 UTC
|