Bug 2170530

Summary: xccdf_org.ssgproject.content_rule_postfix_prevent_unrestricted_relay should allow whitespace in "smtpd_client_restrictions" value
Product: Red Hat Enterprise Linux 8 Reporter: Renaud Métrich <rmetrich>
Component: scap-security-guideAssignee: Vojtech Polasek <vpolasek>
Status: CLOSED ERRATA QA Contact: Milan Lysonek <mlysonek>
Severity: low Docs Contact: Jan Fiala <jafiala>
Priority: low    
Version: 8.7CC: ggasparb, jafiala, jcerny, jjaburek, matyc, mhaicman, mlysonek, peter.vreman, vpolasek, wsato
Target Milestone: rcKeywords: AutoVerified, Triaged, ZStream
Target Release: ---Flags: pm-rhel: mirror+
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: scap-security-guide-0.1.69-1.el8 Doc Type: Bug Fix
Doc Text:
.The `postfix_prevent_unrestricted_relay` rule now accepts white spaces around the `=` sign Previously, the OVAL check of the SCAP rule `xccdf_org.ssgproject.content_rule_postfix_prevent_unrestricted_relay` was too strict and it did not account for `postconf` configuration assignment statements which contained white spaces around the `=` sign. As a consequence, the final report reported this rule as failing even for configurations that technically met the rule’s requirements. With this update, the rule was modified so that the check accepts statements with white spaces around the `=` sign. As a result, the final report rule now marks this rule as passing for correct configuration statements.
 Story Points: ---
Clone Of:
: 2228471 2228472 (view as bug list) Environment:
Last Closed: 2023-11-14 15:36:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2228471, 2228472    

Description Renaud Métrich 2023-02-16 15:57:00 UTC 
Description of problem:

See Upstream PR https://github.com/ComplianceAsCode/content/pull/10219.

From postconf(5) manpage, keywords for property smtpd_client_restrictions can be separated by commas and/or whitespaces.

With current code using whitespaces makes the rule fail.

Version-Release number of selected component (if applicable):

scap-security-guide-0.1.66-2.el8_7

How reproducible:

Always

Steps to Reproduce:
1. Add "smtpd_client_restrictions = permit_mynetworks, reject" in /etc/postfix/main.cfg
2. Execute the rule

Actual results:

Fail

Expected results:

Pass
Comment 2 Vojtech Polasek 2023-06-21 09:10:06 UTC 
The PR https://github.com/ComplianceAsCode/content/pull/10219 has been merged.
Comment 21 errata-xmlrpc 2023-11-14 15:36:38 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (scap-security-guide bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:7056