Description of problem:
The content for the French regulation ANSSI DAT-NT28 is not available for RHEL
Version-Release number of selected component (if applicable):
0.1.33 (And Fedora upstream)
Steps to Reproduce:
1. yum install scap-security-guide
2. oscap info /usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml
3. ANSSI not in the list of profiles
In upstream SSG it is available for Debian, see https://github.com/OpenSCAP/scap-security-guide/tree/master/Debian/8/profiles
Could you chime in on Marek's comments#15 here;
It started as a RHEL Profile request.
There are a few updates in ANSSI profile:
1. Mappings to enhanced and high profile: https://github.com/ComplianceAsCode/content/pull/4351
2. Add ANSSI network sysctl rules: https://github.com/ComplianceAsCode/content/pull/4345
3. Rule mappings: https://github.com/ComplianceAsCode/content/pull/4439
4. Profile enabled along with a few rules selected:https://github.com/ComplianceAsCode/content/pull/4615
About 40 requirements (out of 69) have no rule assigned to them. So about 42% requirement coverage.
It is important to note that some requirements are not actionable, like R16 - Repositories of hardened packages.
Red Hat Enterprise Linux 7 shipped it's final minor release on September 29th, 2020. 7.9 was the last minor releases scheduled for RHEL 7.
From intial triage it does not appear the remaining Bugzillas meet the inclusion criteria for Maintenance Phase 2 and will now be closed.
From the RHEL life cycle page:
"During Maintenance Support 2 Phase for Red Hat Enterprise Linux version 7,Red Hat defined Critical and Important impact Security Advisories (RHSAs) and selected (at Red Hat discretion) Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available."
If this BZ was closed in error and meets the above criteria please re-open it flag for 7.9.z, provide suitable business and technical justifications, and follow the process for Accelerated Fixes:
Feature Requests can re-opened and moved to RHEL 8 if the desired functionality is not already present in the product.
Please reach out to the applicable Product Experience Engineer if you have any questions or concerns.
Apologies for the inadvertent closure.
Granting devel ACK, as the engineering aims to deliver minimal, intermediary and enhanced profiles of the ANSSI policy that would cover rules that are automation-friendly.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (scap-security-guide bug fix and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.