SCAP Security Guide now supports OSPP v4.2
This update of the _scap-security-guide_ packages introduces a new profile defining the core requirements of OSPP (General-Purpose Operating System Protection Profile) v4.2. The new profile ID is `ospp42`, and the previously released profile USGCB (United States Government Configuration Baseline) OSPP v4.0 is available with ID `ospp`.
Description of problem:
OSPP profile shipped in RHEL7 is currently v4.0. As the latest version is v4.2, it's desired to have that version available, either as a replacement, or as a separate profile.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. oscap info /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
2. open /usr/share/doc/scap-security-guide-doc-0.1.40/ssg-rhel7-guide-ospp.html from scap-security-guide-doc
No explicit OSPP profile, and USGCB profile has in the guide this:
NIAP Protection Profile for General Purpose Operating Systems v4.0 (OSPP v4.0)
Either explicit OSPP profile is available, following v4.2 or USGCB profile is updated.
Created attachment 1486946 [details]
State of profile ospp42
Verified for version scap-security-guide-0.1.40-12.el7
Profile with core OSPP v4.2 rules is part of SCAP Security Guide package, with these statistics:
Total rules: 176
Passing (after remediation): 151
Passing (if https://github.com/linux-audit/audit-userspace/blob/master/rules/30-ospp-v42.rules is present in /etc/audit/rules.d/): 167
Deliberate failures: 2 (it is up to user to set it appropriately)
Failing remediations: 3 (sudo and sudoedit will pass when remediation is performed once again)
Rules without OVAL: 3 (Ensure Software Patches Installed is special case)
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.