Bug 1465675 - 14 audit related rules fail to remediate on fresh installed system
Status: NEW
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: scap-security-guide
Version: 7.4
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: rc
Assigned To: Watson Yuuma Sato
QA Contact: BaseOS QE Security Team
Reported: 2017-06-27 18:43 EDT by Marek Haicman
Modified: 2017-11-16 11:22 EST
Type: Bug

Description Marek Haicman 2017-06-27 18:43:21 EDT
Description of problem:
When remediations of complex profiles shipped in scap-security-guide are applied to a freshly installed system (note: not using anaconda, but after the installation is finished), 14 audit-related rules stay noncompliant. These rules are:

C2S and CJIS profiles:
xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading

OSPP, STIG profiles:
xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat
xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open
xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat
xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at
xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate
xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate
--
xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init
xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete
--
xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group
xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow
xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow
xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd
xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd



Version-Release number of selected component (if applicable):
scap-security-guide-0.1.33-5.el7.noarch

How reproducible:
reliably

Steps to Reproduce:
1. install fresh RHEL7.4 machine
2. run remediation of one of the aforementioned profiles
3.

Actual results:
Rules still failing after the remediation

Expected results:
Rules passing after the remediation

Additional info:
Comment 1 Watson Yuuma Sato 2017-11-16 11:22:11 EST
On RHEL7.4 with scap-security-guide-0.1.36, a scan after remediation of the following rules reports pass:
rule_audit_rules_unsuccessful_file_modification_*
rule_audit_rules_usergroup_modification_*

But Rule xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading errors on remediation.
