Hide Forgot
Description of problem: OSPP profile shipped in RHEL7 is currently v4.0. As the latest version is v4.2, it's desired to have that version available, either as a replacement, or as a separate profile. Version-Release number of selected component (if applicable): scap-security-guide-0.1.40-2.el7 How reproducible: reliably Steps to Reproduce: 1. oscap info /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml 2. open /usr/share/doc/scap-security-guide-doc-0.1.40/ssg-rhel7-guide-ospp.html from scap-security-guide-doc 3. Actual results: No explicit OSPP profile, and USGCB profile has in the guide this: NIAP Protection Profile for General Purpose Operating Systems v4.0 (OSPP v4.0) Expected results: Either explicit OSPP profile is available, following v4.2 or USGCB profile is updated. Additional info:
Created attachment 1486946 [details] State of profile ospp42 Verified for version scap-security-guide-0.1.40-12.el7 Profile with core OSPP v4.2 rules is part of SCAP Security Guide package, with these statistics: Total rules: 176 Passing (after remediation): 151 Passing (if https://github.com/linux-audit/audit-userspace/blob/master/rules/30-ospp-v42.rules is present in /etc/audit/rules.d/): 167 Deliberate failures: 2 (it is up to user to set it appropriately) Failing remediations: 3 (sudo and sudoedit will pass when remediation is performed once again) Rules without OVAL: 3 (Ensure Software Patches Installed is special case)
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:3308