Hide Forgot
In the RHEL 7.3 beta installed, when selecting the DoD STIG UPSTREAM profile, the following rule remains non-compliant: - CCE-27127-0: xccdf_org.ssgproject.content_rule_sysctl_kernel_randomize_va_space When manually attempting to remediate, a "ERROR" return code is generated (e.g. when doing "oscap xccdf eval --remediate...."). The RHEL installer should appropriate configure this security item.
Upstream bug: https://github.com/OpenSCAP/scap-security-guide/issues/1454
Upstream PR https://github.com/OpenSCAP/scap-security-guide/pull/1555 should fix this.
Verified for version scap-security-guide-0.1.33-5.el7.noarch Verification performed using SSG Test Suite https://github.com/OpenSCAP/scap-security-guide/commits/ba02d65857f02c824e18878e238ff8a9aea657c1 OLD: scap-security-guide-0.1.30-3.el7.noarch INFO - xccdf_org.ssgproject.content_rule_sysctl_kernel_randomize_va_space INFO - Script comment.fail.sh using profile xccdf_org.ssgproject.content_profile_ospp-rhel7-server ERROR - Scan has exited with return code 2, instead of expected 0 during stage remediation ERROR - Rule result should have been "fixed", but is "fail, error"! INFO - Script line_not_there.fail.sh using profile xccdf_org.ssgproject.content_profile_ospp-rhel7-server ERROR - Scan has exited with return code 2, instead of expected 0 during stage remediation ERROR - Rule result should have been "fixed", but is "fail, error"! INFO - Script wrong_value.fail.sh using profile xccdf_org.ssgproject.content_profile_ospp-rhel7-server ERROR - Scan has exited with return code 2, instead of expected 0 during stage remediation ERROR - Rule result should have been "fixed", but is "fail, error"! INFO - Script correct_value.pass.sh using profile xccdf_org.ssgproject.content_profile_ospp-rhel7-server INFO - All snapshots reverted successfully NEW: INFO - xccdf_org.ssgproject.content_rule_sysctl_kernel_randomize_va_space INFO - Script comment.fail.sh using profile xccdf_org.ssgproject.content_profile_ospp-rhel7 INFO - Script line_not_there.fail.sh using profile xccdf_org.ssgproject.content_profile_ospp-rhel7 INFO - Script wrong_value.fail.sh using profile xccdf_org.ssgproject.content_profile_ospp-rhel7 INFO - Script correct_value.pass.sh using profile xccdf_org.ssgproject.content_profile_ospp-rhel7 INFO - All snapshots reverted successfully
*** Bug 1441325 has been marked as a duplicate of this bug. ***
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2064