Red Hat Bugzilla – Bug 1465478
default value is not taken into consideration, unless overwritten by tailoring
Last modified: 2017-06-28 21:20:01 EDT
Description of problem:
Rule ipv4_conf_all_secure_redirects does not use value defined by the profile, but some internal one. This is easily observable in scap-security-guide-0.1.30-3.el7.noarch, where value default should be [it's a bug actually] 1, but scan passes for 0. Only after selecting one in the tailoring (or selecting profile nist-cn-il-al, which has explicit "enable" in the profile), it starts failing.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. prepare machine to have runtime and configuration of ipv4_conf_all_secure_redirects = 0
2. scan with default 0.1.30-3 scap-security-guide
3. scan with re-selected value = 1
I am sorry, this is actually display bug in scap-workbench - C2S profile I have tested it on has explicit "disable" value, but scap-workbench still shows value as "1". If I use nist-cn-il-al, it fails correctly [i.e. 1 is expected] and when rule is enabled for different profile, it also expects 1 (i.e. value default).