Bug 2193169
| Summary: | journald config parameters not set up correctly after oscap remediation | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Julia Schindler <juschind> | |
| Component: | scap-security-guide | Assignee: | Jan Černý <jcerny> | |
| Status: | CLOSED ERRATA | QA Contact: | Milan Lysonek <mlysonek> | |
| Severity: | unspecified | Docs Contact: | Jan Fiala <jafiala> | |
| Priority: | unspecified | |||
| Version: | 9.1 | CC: | ekolesni, gfialova, ggasparb, jafiala, jcerny, jjaburek, mhaicman, mlysonek, mmarhefk, myllynen, openscap-maint, vpolasek | |
| Target Milestone: | rc | Keywords: | AutoVerified, Triaged, ZStream | |
| Target Release: | --- | Flags: | pm-rhel:
mirror+
|
|
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | scap-security-guide-0.1.69-1.el9 | Doc Type: | Bug Fix | |
| Doc Text: |
.Rules related to `journald` configuration no longer add extra quotes
Previously, the SCAP Security Guide rules `journald_compress`, `journald_forward_to_syslog`, and `journald_storage` previously contained a bug in the remediation script which caused adding extra quotes to the configuration options in the `/etc/systemd/journald.conf` configuration file. Consequently, the `journald` system service failed to parse the configuration options and ignored them. Therefore, the configuration options were not effective. This caused false `pass` results in OpenSCAP scans. With this update, the rules and remediations scripts no longer add the extra quotes. As a result, these rules now produce a valid configuration for `journald`.
|
Story Points: | --- | |
| Clone Of: | ||||
| : | 2228439 2228440 (view as bug list) | Environment: | ||
| Last Closed: | 2023-11-07 08:37:02 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 2228439, 2228440 | |||
|
Description
Julia Schindler
2023-05-04 14:29:37 UTC
analysis: Problem is present also in current upstream as of 2023-05-05 as of head 68e93c73061f4abdcbdc1f870d1b608d23239b9b. The problem is excess quotes in OVAL, Bash and Ansible in rules journald_storage and journald_compress. This BZ is related to https://bugzilla.redhat.com/show_bug.cgi?id=2169857 which is the same problem but only in rule journald_storage and is for RHEL 9. A possible fix can be to set "no_quotes: true" in the rule.yml in rules journald_storage and journald_compress. We need to examine all other similar rules that configure journald and/or use the shell_lineinfile template. Switching from openscap to correct component. There exists an already merged PR https://github.com/ComplianceAsCode/content/pull/10790 which implements the proposed solution. A test for rule journald_storage has been submitted to upstream for a review in https://github.com/ComplianceAsCode/content/pull/10817. A test for rule journald_compress has been submitted to upstream for a review in https://github.com/ComplianceAsCode/content/pull/10818. PRs https://github.com/ComplianceAsCode/content/pull/10790, https://github.com/ComplianceAsCode/content/pull/10817, and https://github.com/ComplianceAsCode/content/pull/10818 have been merged upstream. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (scap-security-guide bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2023:6552 |