Bug 1265738 - Tracker bug for SSG RHEL-7's "Verify and Correct File Permissions with RPM" rule failures
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: scap-security-guide
Version: 7.3
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Michal Šrubař
QA Contact: BaseOS QE Security Team
Reported: 2015-09-23 15:31 UTC by Jan Lieskovsky
Modified: 2016-02-01 01:54 UTC (History)

Doc Type: Bug Fix
Last Closed: 2015-10-01 08:38:35 UTC


Attachments
HTML report of PCI-DSS profile scan on clean RHEL-7.2 Beta system. (1.85 MB, text/html)
2015-09-23 15:47 UTC, Jan Lieskovsky

Description Jan Lieskovsky 2015-09-23 15:31:38 UTC
Description of problem:

Scanning RHEL-7.2 Beta system against the PCI-DSS profile currently returns failure only on one rule:

"Verify and Correct File Permissions with RPM"

This is *not* a problem with the underlying OVAL content. The problem is that different packages (see list below) do not properly mark selected files to be ignored for the RPM verify test, causing the

  $ rpm -V

command to fail with these packages.


How reproducible:
Always

Steps to Reproduce:
1. Scan RHEL-7.2 Beta system against the PCI-DSS profile

Actual results:
The "Verify and Correct File Permissions with RPM" rule fails.

Expected results:
The "Verify and Correct File Permissions with RPM" rule passes.

Comment 2 Jan Lieskovsky 2015-09-23 15:47:54 UTC
Created attachment 1076260
HTML report of PCI-DSS profile scan on clean RHEL-7.2 Beta system.

Check out the failing state of the "Verify and Correct File Permissions with RPM" rule, and mainly the items violating the test.

Comment 3 Jan Lieskovsky 2015-10-01 08:38:35 UTC
Closing this one. After further investigation it has been realized that the problem isn't in the particular packages the RPM verify package check is run on; rather, the source of the problem is elsewhere. Therefore this bug is not needed anymore.

Closing as such.

