Hide Forgot
Description of problem: # yum install aide -y # vim /etc/crontab //As directed in 'scan-xccdf-report.html' 05 4 * * * root /usr/sbin/aide --check | /bin/mail -s "$(hostname) - AIDE Integrity Check" root@localhost //Passes Test 05 4 * * * root /usr/sbin/aide --check | /bin/mail -s "$(hostname) - AIDE Integrity Check" abc.xyz.df.gh //Fails test # oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa --report report.html --results scan-xccdf-results.xml /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml Title Configure Notification of Post-AIDE Scan Details Rule xccdf_org.ssgproject.content_rule_aide_scan_notification Ident CCE-80374-2 Result fail # /////////Fix For Same///////////// Option-1: /etc/crontab 05 4 * * * root /usr/sbin/aide --check | /bin/mail -s "$(hostname) - AIDE Integrity Check" root.df.gh Option-2: # vim /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml Replace: if ! grep -qR '^.*\/usr\/sbin\/aide\s*\-\-check.*\|.*\/bin\/mail\s*-s\s*".*"\s*root@.*$' $CRONTAB $VARSPOOL $CRONDIRS; then With if ! grep -qR '^.*\/usr\/sbin\/aide\s*\-\-check.*\|.*\/bin\/mail\s*-s\s*".*"\s**@.*$' $CRONTAB $VARSPOOL $CRONDIRS; then //////Further Questions///////// 1. Why Email ID of root is expected? Why cannot a normal user Email ID is used? Since a normal user can also run openscap test. 2. Why Email ID format root@something fixed? Version-Release number of selected component (if applicable): openscap-1.2.14-2.el7.x86_64.rpm How reproducible: Always Steps to Reproduce: 1. Mentioned in case description 2. 3. Actual results: Aide can only send mail to root account. Expected results: Aide should be able to send email to any user-mail. Additional info:
Switching this to the correct component.
Thanks Jan. I had this in my mind. But forgot to do in haste. Great Thanks!!!
Patch upstream: https://github.com/OpenSCAP/scap-security-guide/pull/2599
PR https://github.com/OpenSCAP/scap-security-guide/pull/2500 is also needed for this bug.
Verified fix is in version scap-security-guide-0.1.40-5.el7 Tested with SSG Test Suite, on the commit commit 2dc31c16cc6aa961d1e93e17b0f08ab83a82abfd With command line arguments: --libvirt qemu:///system ssg-test-suite-rhel7 --xccdf-id scap_org.open-scap_cref_ssg-rhel7-xccdf-1.2.xml --remediate-using ansible rule_aide_scan_notification DataStream used (md5) : e445217bb8024176edeae9a55137cc48 ./0.1.36-7.rhel7.ds.xml Setting console output to log level INFO INFO - The base image option has not been specified, choosing libvirt-based test environment. INFO - Logging into /home/dahaic/RH/git/upstream/dahaic/scap-security-guide/tests/logs/rule-custom-2018-09-17-0015/test_suite.log INFO - xccdf_org.ssgproject.content_rule_aide_scan_notification ERROR - Script cron_weekly_configured.pass.sh using profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa found issue: ERROR - Scan has exited with return code 2, instead of expected 0 during stage initial ERROR - The initial scan failed for rule 'xccdf_org.ssgproject.content_rule_aide_scan_notification'. ERROR - Script crontab_configured.pass.sh using profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa found issue: ERROR - Scan has exited with return code 2, instead of expected 0 during stage initial ERROR - The initial scan failed for rule 'xccdf_org.ssgproject.content_rule_aide_scan_notification'. INFO - Script crontab_just_periodic_checking.fail.sh using profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa OK ERROR - Scan has exited with return code 2, instead of expected 0 during stage final ERROR - The check after remediation failed for rule 'xccdf_org.ssgproject.content_rule_aide_scan_notification'. INFO - Script default.fail.sh using profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa OK ERROR - Scan has exited with return code 2, instead of expected 0 during stage final ERROR - The check after remediation failed for rule 'xccdf_org.ssgproject.content_rule_aide_scan_notification'. ERROR - Script var_cron_configured.pass.sh using profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa found issue: ERROR - Scan has exited with return code 2, instead of expected 0 during stage initial ERROR - The initial scan failed for rule 'xccdf_org.ssgproject.content_rule_aide_scan_notification'. DataStream used (md5) : 1b70337c8805d0107eadbaa89bc11ad5 ./0.1.40-5.rhel7.ds.xml Setting console output to log level INFO INFO - The base image option has not been specified, choosing libvirt-based test environment. INFO - Logging into /home/dahaic/RH/git/upstream/dahaic/scap-security-guide/tests/logs/rule-custom-2018-09-17-0021/test_suite.log INFO - xccdf_org.ssgproject.content_rule_aide_scan_notification INFO - Script cron_weekly_configured.pass.sh using profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa OK INFO - Script crontab_configured.pass.sh using profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa OK INFO - Script crontab_just_periodic_checking.fail.sh using profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa OK ERROR - Scan has exited with return code 2, instead of expected 0 during stage final ERROR - The check after remediation failed for rule 'xccdf_org.ssgproject.content_rule_aide_scan_notification'. INFO - Script default.fail.sh using profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa OK ERROR - Scan has exited with return code 2, instead of expected 0 during stage final ERROR - The check after remediation failed for rule 'xccdf_org.ssgproject.content_rule_aide_scan_notification'. INFO - Script var_cron_configured.pass.sh using profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa OK Note: errors might happen - this particular bug is tested by scenario `var_cron_configured.pass.sh` which is passing in new version.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:3308