Description of problem:
When scanning a server with the C2S for Red Hat Enterprise Linux 7 (168) profile.

Version-Release number of selected component (if applicable):
scap-workbench-1.1.4-5.el7.x86_64

Steps to Reproduce:
1. Run $ sysctl -a|grep "ip_forward " and it will return 0
2. Perform the scan in scap-workbench
3. It will show failed for the test "Disable Kernel Parameter for IP Forwarding"; if you repeat the above but add "net.ipv4.ip_forward = 0" to /etc/sysctl.conf and rescan, it will pass.

Actual results:
Fail

Expected results:
Pass, since it's set correctly as the default.

Additional info:
For the case I'm working it's only for the "Disable Kernel Parameter for IP Forwarding" test, but the customer has a few other cases for other sysctl tests that exhibit the same failures but shouldn't.
I'm affected by this too. At first glance, it seems correlated with having libvirtd installed. (RHEL Workstation installs gnome-boxes by default, so it has libvirtd installed & running by default.) Disabling the libvirtd service, rebooting, and verifying that the virbr0 interface is gone (and that dnsmasq is not running at all) did not help, though.
This is a content issue, changing component.
*** Bug 1502831 has been marked as a duplicate of this bug. ***
Hello, to be completely honest, I do not see harm in requiring an explicit setting, even though the default should be safe. There are some considerations that outweigh the few more lines required in the /etc/sysctl.conf file. From the SSG standpoint, it is safer to share rules between multiple products, so the user base of a particular code snippet/configuration is larger. Different products possibly have kernels compiled with different flags, thus defaults might differ. So to take defaults into consideration, RHEL would need to have its own, unshared, version of the content. Also, auditing the content would be slower, as one would have to cross-check with documentation whether a given assumption of a default value is valid or not. Based on this, I am changing the summary of this bug (and the scope itself) to changing the misleading descriptions.
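Added example, not the SSG rule or the OpenSCAP engine: a POSIX shell check that separates "the kernel default happens to match" from "the value is persisted in sysctl configuration", which is the distinction behind the fail reported in this bug. The file locations in the trailing comment and the dotted key form are assumptions; the runtime value is passed in so the function can be exercised offline.

```shell
#!/bin/sh
# sysctl_persisted KEY FILE...  -> prints the last value assigned to KEY across the
# given files (pass them in the order the system applies them, so later files win);
# prints nothing when no file sets it. Inline "# ..." comments after the value are ignored.
sysctl_persisted() {
    key=$1; shift
    esc=$(printf '%s' "$key" | sed 's/\./\\./g')   # escape dots for the sed pattern
    val=""
    for f in "$@"; do
        [ -r "$f" ] || continue                    # skip absent/unreadable files
        v=$(sed -n "s/^[[:space:]]*${esc}[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$f" | tail -n 1)
        if [ -n "$v" ]; then val=$v; fi
    done
    printf '%s' "$val"
}

# sysctl_verdict KEY EXPECTED RUNTIME FILE...  -> prints one of
#   pass | fail-runtime | fail-not-persisted | fail-persisted
# and returns 0 only on pass. RUNTIME is what `sysctl -n KEY` reports on the host.
sysctl_verdict() {
    key=$1; expected=$2; runtime=$3; shift 3
    persisted=$(sysctl_persisted "$key" "$@")
    if [ "$runtime" != "$expected" ]; then
        printf 'fail-runtime'; return 1            # live kernel value is wrong
    elif [ -z "$persisted" ]; then
        printf 'fail-not-persisted'; return 1      # this bug: correct only because of the default
    elif [ "$persisted" != "$expected" ]; then
        printf 'fail-persisted'; return 1          # a config file sets a different value
    fi
    printf 'pass'
}

# Live usage on a host (assumed locations, listed in apply order with /etc/sysctl.conf last):
# sysctl_verdict net.ipv4.ip_forward 0 "$(sysctl -n net.ipv4.ip_forward)" \
#     /usr/lib/sysctl.d/*.conf /etc/sysctl.d/*.conf /etc/sysctl.conf
```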
https://github.com/ComplianceAsCode/content/pull/5269
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (scap-security-guide bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:3909