Bug 1464516 - Some rules are resulting in error when scanning docker images
Status: NEW
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: scap-security-guide
Version: 7.4
Hardware: Unspecified, OS: Unspecified
Priority: medium, Severity: medium
Target Milestone: rc
Target Release: ---
Assigned To: Watson Yuuma Sato
QA Contact: BaseOS QE Security Team
Reported: 2017-06-23 11:57 EDT by Matus Marhefka
Modified: 2017-06-24 20:59 EDT
Type: Bug
Description Matus Marhefka 2017-06-23 11:57:16 EDT
Description of problem:
Scanning of rhel7 image reports xccdf_org.ssgproject.content_rule_no_shelllogin_for_systemaccounts rule with result 'unknown' for profiles profile_rht-ccp and profile_pci-dss_centric.

Scanning of rhel6 image reports xccdf_org.ssgproject.content_rule_no_shelllogin_for_systemaccounts rule with result 'unknown' and xccdf_org.ssgproject.content_rule_umask_for_daemons rule with result 'error' for all the profiles.


Version-Release number of selected component (if applicable):
scap-security-guide-0.1.33-5.el7.noarch

How reproducible:
always


Steps to Reproduce:
RHEL7:
======
# oscap-docker image rhel7:7.3 xccdf eval --profile xccdf_org.ssgproject.content_profile_rht-ccp /usr/share/xml/scap/ssg/content//ssg-rhel7-ds.xml
Title
	Ensure that System Accounts Do Not Run a Shell Upon Login
Rule
	xccdf_org.ssgproject.content_rule_no_shelllogin_for_systemaccounts
Ident
	CCE-26448-1
Result
	unknown

RHEL6:
======
# oscap-docker image rhel6:6.9 xccdf eval --profile xccdf_org.ssgproject.content_profile_C2S /usr/share/xml/scap/ssg/content//ssg-rhel6-ds.xml
Rule
	xccdf_org.ssgproject.content_rule_umask_for_daemons
Ident
	CCE-27031-4
Ident
	DISA FSO RHEL-06-000346
Result
	error

Title
	Ensure that System Accounts Do Not Run a Shell Upon Login
Rule
	xccdf_org.ssgproject.content_rule_no_shelllogin_for_systemaccounts
Ident
	CCE-26966-2
Result
	unknown


Actual results:
Rule xccdf_org.ssgproject.content_rule_no_shelllogin_for_systemaccounts result is 'unknown' for both RHEL6 and RHEL7, rule xccdf_org.ssgproject.content_rule_umask_for_daemons results in 'error' for RHEL6.

Expected results:
All the rules pass.
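
Added example, not part of the original report and not code from scap-security-guide or OpenSCAP: a small parser for the Title/Rule/Ident/Result text layout pasted in the report, listing rules whose result is neither pass nor fail so they are not overlooked when triaging an image scan. The INCONCLUSIVE grouping, the function names and the passing sample record are assumptions of this example; a value is accepted either on the indented line after its label, as pasted above, or on the same line as the label.

```python
"""Triage `oscap xccdf eval` text output: list rules that got no verdict."""
import sys

# XCCDF result values that are neither pass nor fail (grouping chosen for this example).
INCONCLUSIVE = {"unknown", "error", "notchecked"}
FIELDS = {"Title", "Rule", "Ident", "Result"}

def parse_records(text):
    """Yield one dict per rule; a stored Result value closes the record."""
    record, field = {}, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0] in " \t":                  # indented line: value of the last label seen
            value = raw.strip() if field else None
        else:                                # label, optionally with its value on the same line
            parts = raw.split(None, 1)
            field = parts[0] if parts[0] in FIELDS else None
            value = parts[1].strip() if field and len(parts) == 2 else None
        if value is None:
            continue
        if field == "Ident":                 # a rule may carry several identifiers
            record.setdefault("Ident", []).append(value)
        else:
            record[field] = value
        if field == "Result":
            yield record
            record, field = {}, None

def inconclusive(text):
    """Return (rule id, result) pairs for rules the scanner could not evaluate."""
    return [(r.get("Rule", "<no rule id>"), r["Result"])
            for r in parse_records(text) if r["Result"] in INCONCLUSIVE]

# Sample input: the two RHEL6 records from the report, then one constructed passing record.
SAMPLE = (
    "Rule\n\txccdf_org.ssgproject.content_rule_umask_for_daemons\n"
    "Ident\n\tCCE-27031-4\nIdent\n\tDISA FSO RHEL-06-000346\nResult\n\terror\n\n"
    "Title\n\tEnsure that System Accounts Do Not Run a Shell Upon Login\n"
    "Rule\n\txccdf_org.ssgproject.content_rule_no_shelllogin_for_systemaccounts\n"
    "Ident\n\tCCE-26966-2\nResult\n\tunknown\n\n"
    "Title\tConstructed passing rule\nRule\texample_rule_placeholder\nResult\tpass\n"
)

if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    hits = inconclusive(text)
    for rule, result in hits:
        print(f"{result}\t{rule}")
    sys.exit(1 if hits else 0)
```

Piping the scan output into the script prints one line per inconclusive rule and exits non-zero when any is found.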
