Bug 1265738 - Tracker bug for SSG RHEL-7's "Verify and Correct File Permissions with RPM" rule failures
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: scap-security-guide
Version: 7.3
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: rc
Target Release: ---
Assigned To: Michal Šrubař
QA Contact: BaseOS QE Security Team
Keywords: Tracking
Reported: 2015-09-23 11:31 EDT by Jan Lieskovsky
Modified: 2016-01-31 20:54 EST
Doc Type: Bug Fix
Last Closed: 2015-10-01 04:38:35 EDT
Type: Bug
Attachments:
HTML report of PCI-DSS profile scan on clean RHEL-7.2 Beta system. (1.85 MB, text/html), 2015-09-23 11:47 EDT, Jan Lieskovsky

Description Jan Lieskovsky 2015-09-23 11:31:38 EDT
Description of problem:

Scanning RHEL-7.2 Beta system against the PCI-DSS profile currently returns failure only on one rule:

"Verify and Correct File Permissions with RPM"

This is *not* a problem with the underlying OVAL content. The problem is that different packages (see list below) do not properly mark selected files as to be ignored for the RPM verify test, causing the:

  $ rpm -V

command to fail with these packages.


How reproducible:
Always

Steps to Reproduce:
1. Scan RHEL-7.2 Beta system against the PCI-DSS profile

Actual results:
The "Verify and Correct File Permissions with RPM" rule fails.

Expected results:
The "Verify and Correct File Permissions with RPM" rule passes.
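
To see which files a permission-focused RPM verify check would trip on, the `rpm -V` output can be reduced to the entries whose mode, owner or group differ from the RPM database. The script below is an added example, not part of the bug report or of scap-security-guide; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage `rpm -V` / `rpm -Va` output for permission-related mismatches.
# Result line layout: flag string, optional one-letter file marker (c, d, g, ...), path.
# Flag positions 1-9 are S M 5 D L U G T P; "." means the test passed.

# Constructed sample output (paths are placeholders, not from the bug report).
sample_rpm_verify() {
cat <<'EOF'
.M.......    /var/log/example/app.log
S.5....T.  c /etc/example/example.conf
.M...UG..  g /var/run/example/example.pid
.....U...    /usr/libexec/example/helper
missing     /usr/share/doc/example/README
EOF
}

# Reads rpm -V output on stdin and prints "<changes> <marker> <path>" for each
# file whose mode (M), owner (U) or group (G) differs from the RPM database.
# <marker> is "-" when rpm printed no file marker (config, ghost, doc, ...).
perm_mismatches() {
  awk '
    # Skip "missing ..." lines and anything else that is not a flag string.
    $1 !~ /^[.?SM5DLUGTP]+$/ || length($1) < 8 { next }
    {
      what = ""
      if (substr($1, 2, 1) == "M") what = what "mode,"
      if (substr($1, 6, 1) == "U") what = what "user,"
      if (substr($1, 7, 1) == "G") what = what "group,"
      if (what == "") next
      sub(/,$/, "", what)
      rest = $0
      sub(/^[^ ]+ +/, "", rest)            # drop the flag string
      marker = "-"
      if (rest ~ /^[a-z] +\//) { marker = substr(rest, 1, 1); sub(/^[a-z] +/, "", rest) }
      print what, marker, rest
    }'
}

# Stand-alone run over the sample; on a real host: rpm -Va | perm_mismatches
sample_rpm_verify | perm_mismatches
```

The marker column separates mismatches on files the package declares as ghost or config from mismatches on ordinary packaged files, which is the first thing to check when deciding whether a failure comes from packaging or from the host.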
Comment 2 Jan Lieskovsky 2015-09-23 11:47 EDT
Created attachment 1076260 [details]
HTML report of PCI-DSS profile scan on clean RHEL-7.2 Beta system.

Check out the failing state of the "Verify and Correct File Permissions with RPM" rule, and mainly the items violating the test.
Comment 3 Jan Lieskovsky 2015-10-01 04:38:35 EDT
Closing this one. After further investigation it has been realized that the problem isn't in the particular packages the RPM verify package check is run on, but rather that the source of the problem is elsewhere. Therefore this bug is not needed anymore.

Closing as such.
