Bug 1976123 - Ansible remediations of 3 dconf_gnome related rules don't work properly
Summary: Ansible remediations of 3 dconf_gnome related rules don't work properly
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: scap-security-guide
Version: 7.9
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: rc
: ---
Assignee: Vojtech Polasek
QA Contact: Milan Lysonek
Jan Fiala
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-06-25 09:13 UTC by Matus Marhefka
Modified: 2021-12-07 09:47 UTC (History)
9 users (show)

Fixed In Version: scap-security-guide-0.1.57-4.el7_9
Doc Type: Bug Fix
Doc Text:
.Fixed Ansible remediations for `scap-security-guide` GNOME `dconf` rules Previously, Ansible remediations for some rules covering the GNOME `dconf` configuration systems were not aligned with the corresponding OVAL checks. Consequently, Ansible incorrectly remediated the following rules, marking them as `failed` in subsequent scans: * `dconf_gnome_screensaver_idle_activation_enabled` * `dconf_gnome_screensaver_idle_delay` * `dconf_gnome_disable_automount_open` With the update released in the link:https://access.redhat.com/errata/RHBA-2021:4781[RHBA-2021:4781] advisory, Ansible regular expressions have been fixed. As a result, these rules remediate correctly in the `dconf` configuration.
Clone Of:
Environment:
Last Closed: 2021-11-23 17:14:34 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2021:4781 0 None None None 2021-11-23 17:14:39 UTC

Description Matus Marhefka 2021-06-25 09:13:21 UTC
Description of problem:
Ansible remediations of the following rules don't work properly:

dconf_gnome_screensaver_idle_activation_enabled
dconf_gnome_screensaver_idle_delay
dconf_gnome_disable_automount_open

Most likely the Ansible remediations are not aligned with the respective OVAL checks.

Version-Release number of selected component (if applicable):
scap-security-guide-0.1.54-6.el7_9

How reproducible:
always

Steps to Reproduce:
1. Generate Ansible fix for the 3 mentioned rules.
2. Apply generated Ansible playbook(s).
3. Evaluate these rules using openscap.

Actual results:
The rules are failing after the evaluation with openscap.

Expected results:
The rules are passing after the evaluation with openscap.


Additional info:

Comment 3 Gabriel Gaspar Becker 2021-06-25 11:02:32 UTC
The following rules should be fixed by these PRs

dconf_gnome_screensaver_idle_activation_enabled
https://github.com/ComplianceAsCode/content/pull/7047

dconf_gnome_screensaver_idle_delay
https://github.com/ComplianceAsCode/content/pull/6770

Comment 5 Gabriel Gaspar Becker 2021-06-30 13:54:26 UTC
The rule dconf_gnome_disable_automount_open is fixed by:
https://github.com/ComplianceAsCode/content/pull/7150

Comment 20 errata-xmlrpc 2021-11-23 17:14:34 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (scap-security-guide bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:4781

Comment 23 Jan Fiala 2021-12-06 14:26:43 UTC
Thanks Vojtech for the comment. I adjusted the doc text slightly, but I don't have any more information I could provide. Is there any other info missing?


Note You need to log in before you can comment on or make changes to this bug.