Bug 1265738 - Tracker bug for SSG RHEL-7's "Verify and Correct File Permissions with RPM" rule failures
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: scap-security-guide
Version: 7.3
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Michal Šrubař
QA Contact: BaseOS QE Security Team
Reported: 2015-09-23 15:31 UTC by Jan Lieskovsky
Modified: 2016-02-01 01:54 UTC (History)
Doc Type: Bug Fix
Last Closed: 2015-10-01 08:38:35 UTC

Attachments:
HTML report of PCI-DSS profile scan on clean RHEL-7.2 Beta system. (1.85 MB, text/html)
2015-09-23 15:47 UTC, Jan Lieskovsky

Description Jan Lieskovsky 2015-09-23 15:31:38 UTC
Description of problem:

Scanning RHEL-7.2 Beta system against the PCI-DSS profile currently returns failure only on one rule:

"Verify and Correct File Permissions with RPM"

This is *not* a problem with the underlying OVAL content. The problem is that different packages (see list below) do not properly mark selected files as to be ignored for the RPM verify test, causing the:

  $ rpm -V

command to fail with these packages.


How reproducible:
Always

Steps to Reproduce:
1. Scan RHEL-7.2 Beta system against the PCI-DSS profile

Actual results:
The "Verify and Correct File Permissions with RPM" rule fails.

Expected results:
The "Verify and Correct File Permissions with RPM" rule passes.
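
The following is an added example, not part of the bug report or of scap-security-guide: a filter that reduces `rpm -V` output to the files whose mode, user or group differs from the RPM database, together with the package attribute marker, which helps when working out which files trip the rule. The function names and sample lines are constructed, and it assumes the permission-related columns of interest are M, U and G.

```shell
#!/bin/sh
# Added example: triage `rpm -V` output for permission/ownership mismatches.
# Function names and the sample lines below are constructed for illustration.

# Constructed sample in the `rpm -V` line format: nine test columns
# (S M 5 D L U G T P), an optional attribute marker (c d g l r), then the path.
sample_rpm_verify_output() {
cat <<'EOF'
.M.......    /var/log/example
S.5....T.  c /etc/example.conf
.M...UG..  g /run/example/socket
missing     /usr/share/example/data
.......T.  d /usr/share/doc/example/README
.M.......    /opt/example dir/file
EOF
}

# Reads `rpm -V` lines on stdin and prints WHAT<TAB>MARKER<TAB>PATH for every
# file whose mode (M), user (U) or group (G) differs from the RPM database.
permission_failures() {
  awk '
    # Skip "missing" lines and anything that is not a verify result string.
    $1 !~ /^[.?SM5DLUGTP]+$/ || length($1) < 8 { next }
    {
      what = ""
      if (substr($1, 2, 1) == "M") what = what ",mode"
      if (substr($1, 6, 1) == "U") what = what ",user"
      if (substr($1, 7, 1) == "G") what = what ",group"
      if (what == "") next          # only size, digest, mtime etc. differ

      rest = $0
      sub(/^[^ ]+ +/, "", rest)     # drop the result string and padding
      marker = "-"                  # "-" means no attribute marker
      if (rest ~ /^[cdglr] +\//) {  # marker is followed by an absolute path
        marker = substr(rest, 1, 1)
        sub(/^[cdglr] +/, "", rest)
      }
      printf "%s\t%s\t%s\n", substr(what, 2), marker, rest
    }'
}

# On a real system: rpm -Va | permission_failures
sample_rpm_verify_output | permission_failures
```

A marker of `c` (config) or `g` (ghost) in the second column shows how the package declares the file, which is the first thing to check before deciding whether a reported difference is a packaging matter or a real change on the system.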

Comment 2 Jan Lieskovsky 2015-09-23 15:47:54 UTC
Created attachment 1076260
HTML report of PCI-DSS profile scan on clean RHEL-7.2 Beta system.

Check out the failing state of the "Verify and Correct File Permissions with RPM" rule, and mainly the items violating the test.

Comment 3 Jan Lieskovsky 2015-10-01 08:38:35 UTC
Closing this one. After further investigation, it has been realized that the problem isn't in the particular packages the RPM verify package check is run on; rather, the source of the problem is elsewhere. Therefore this bug is not needed anymore.

Closing as such.

