Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1953523

Summary: The instructions are missing for some rules that report status ‘MANUAL’
Product: OpenShift Container Platform
Component: Compliance Operator
Version: 4.6.z
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Reporter: Jakub Hrozek <jhrozek>
Assignee: Jakub Hrozek <jhrozek>
QA Contact: Prashant Dhamdhere <pdhamdhe>
CC: josorior, mrogers, pdhamdhe, xiyuan
Target Release: 4.6.z
Hardware: Unspecified
OS: Unspecified
Doc Type: If docs needed, set a value
Clone Of: 1953513
Last Closed: 2021-05-26 16:05:34 UTC
Bug Depends On: 1936413, 1953513

Comment 4 Prashant Dhamdhere 2021-04-29 10:44:10 UTC
[Bug Verification]

This looks good. Now, the instructions are showing for rule 'rhcos4-sshd-limit-user-access' 


Verified on:
4.6.0-0.nightly-2021-04-28-215709 + compliance-operator.v0.1.32

$ oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.6.0-0.nightly-2021-04-28-215709   True        False         111m    Cluster version is 4.6.0-0.nightly-2021-04-28-215709

$ oc project openshift-compliance
Now using project "openshift-compliance" on server "https://api.pdhamdhegcp29.qe.gcp.devcluster.openshift.com:6443".

$ oc get csv
NAME                          DISPLAY               VERSION   REPLACES   PHASE
compliance-operator.v0.1.32   Compliance Operator   0.1.32               Succeeded


$ oc get pods
NAME                                              READY   STATUS    RESTARTS   AGE
compliance-operator-595bbbb4c6-5rltt              1/1     Running   0          25m
ocp4-openshift-compliance-pp-76cb4ff5b5-x4bm9     1/1     Running   0          24m
rhcos4-openshift-compliance-pp-69b864fb65-wkpwt   1/1     Running   0          24m


$ oc create -f - << EOF
> apiVersion: compliance.openshift.io/v1alpha1
> kind: ScanSettingBinding
> metadata:
>   name: instructions-check1
> profiles:
> - apiGroup: compliance.openshift.io/v1alpha1
>   kind: Profile
>   name: rhcos4-e8
> - apiGroup: compliance.openshift.io/v1alpha1
>   kind: Profile
>   name: rhcos4-moderate
> settingsRef:
>   apiGroup: compliance.openshift.io/v1alpha1
>   kind: ScanSetting
>   name: default
> EOF
scansettingbinding.compliance.openshift.io/instructions-check1 created


$ oc get suite 
NAME                  PHASE   RESULT
instructions-check1   DONE    NON-COMPLIANT


$ for i in `oc get compliancecheckresults -l compliance.openshift.io/check-status=MANUAL --no-headers | awk '{print $1}' `; do echo -e "******************Below is the instructions for rule $i"; oc get compliancecheckresults $i -o=jsonpath={.instructions}; echo -e "\n"; done
******************Below is the instructions for rule rhcos4-moderate-master-bios-disable-usb-boot


******************Below is the instructions for rule rhcos4-moderate-master-sshd-limit-user-access
To ensure sshd limits the users who can log in, run the following:
$ sudo grep AllowUsers /etc/ssh/sshd_config
If properly configured, the output should be a list of usernames allowed to log in
to this system.

******************Below is the instructions for rule rhcos4-moderate-master-wireless-disable-in-bios


******************Below is the instructions for rule rhcos4-moderate-worker-bios-disable-usb-boot


******************Below is the instructions for rule rhcos4-moderate-worker-sshd-limit-user-access
To ensure sshd limits the users who can log in, run the following:
$ sudo grep AllowUsers /etc/ssh/sshd_config
If properly configured, the output should be a list of usernames allowed to log in
to this system.

******************Below is the instructions for rule rhcos4-moderate-worker-wireless-disable-in-bios

Comment 6 errata-xmlrpc 2021-05-26 16:05:34 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Compliance Operator version 0.1.32 for OpenShift Container Platform 4.6), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:1348