Bug 1843913
| Summary: | Rule rpm_verify_permissions in CIS profile always fails | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Matus Marhefka <mmarhefk> |
| Component: | scap-security-guide | Assignee: | Vojtech Polasek <vpolasek> |
| Status: | CLOSED ERRATA | QA Contact: | Milan Lysonek <mlysonek> |
| Severity: | medium | Docs Contact: | Jan Fiala <jafiala> |
| Priority: | medium | ||
| Version: | 8.4 | CC: | gfialova, ggasparb, jafiala, lnarvaez, matyc, mhaicman, mjahoda, mlysonek, myllynen, qe-baseos-security, vpolasek, wsato |
| Target Milestone: | rc | Keywords: | Triaged |
| Target Release: | 8.0 | Flags: | pm-rhel:
mirror+
|
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | scap-security-guide-0.1.57-2.el8 | Doc Type: | Bug Fix |
| Doc Text: |
.`rpm_verify_permissions` removed from the CIS profile
The `rpm_verify_permissions` rule, which compares file permissions to package default permissions, has been removed from the Center for Internet Security (CIS) Red Hat Enterprise Linux 8 Benchmark. With this update, the CIS profile is aligned with the CIS RHEL 8 benchmark, and as a result, this rule no longer affects users who harden their systems according to CIS.
|
Story Points: | --- |
| Clone Of: | 1838622 | Environment: | |
| Last Closed: | 2021-11-09 18:43:58 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1838622 | ||
| Bug Blocks: | |||
|
Description
Matus Marhefka
2020-06-04 11:59:44 UTC
Both customer cases refer to the rpm_verify_permissions rule in the context of the CIS profile. As Vojta has indicated in the private https://bugzilla.redhat.com/show_bug.cgi?id=1843913#c8, the rule has been removed from the profile in https://github.com/ComplianceAsCode/content/pull/6976 Although the rule will still interact with the system in a way that triggered this BZ, it won't affect users that want to harden their systems according to the CIS policy. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (scap-security-guide bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:4265 |