1983061 – The rules CCE-80763-6 and CCE-83496-0 should not be there in RHEL CIS compliance policy

Bug 1983061 - The rules CCE-80763-6 and CCE-83496-0 should not be there in RHEL CIS compliance policy

Summary: The rules CCE-80763-6 and CCE-83496-0 should not be there in RHEL CIS complia...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	scap-security-guide
Sub Component:
Version:	8.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	beta
Target Release:	---
Assignee:	Marcus Burghardt
QA Contact:	Matus Marhefka
Docs Contact:	Jan Fiala
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-07-16 11:18 UTC by Nikhil Gupta
Modified:	2022-05-10 14:42 UTC (History)
CC List:	7 users (show)
Fixed In Version:	scap-security-guide-0.1.59-1.el8
Doc Type:	Bug Fix
Doc Text:	.STIG-specific default banner text removed from other profiles Previously, banner text from the STIG profile was used as default by other profiles that did not have a default text defined, such as CIS. As a consequence, systems using these profiles were configured with the specific text required by DISA. With this update, a generic default text was created and a standard CIS banner aligned with the guidelines was defined. As a result, profiles based on guidelines which explicitly require a text banner are now aligned with the requirements and set the correct text.
Clone Of:
Environment:
Last Closed:	2022-05-10 14:14:34 UTC
Type:	Bug
Target Upstream Version:
Dependent Products:

Attachments	(Terms of Use)
Screenshot (526.42 KB, image/png) 2021-07-16 11:20 UTC, Nikhil Gupta	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2022:1900	0	None	None	None	2022-05-10 14:14:44 UTC

Description Nikhil Gupta 2021-07-16 11:18:20 UTC

Description of problem:
We are scanning our systems for compliance with the RHEL 8 CIS policy.. The following 2 rules are not CIS and should be not there. 

~~~
Actual results:
Title   Modify the System Message of the Day Banner
Rule    xccdf_org.ssgproject.content_rule_banner_etc_motd
Ident   CCE-83496-0
Result  fail

Title   Modify the System Login Banner
Rule    xccdf_org.ssgproject.content_rule_banner_etc_issue
Ident   CCE-80763-6
Result  fail
~~~

Both of these rules are to do with banner of /etc/motd and are to do with US government banner message..  


Version-Release number of selected component (if applicable):
scap-security-guide-0.1.54-5.el8.noarch

How reproducible:
Always

Steps to Reproduce:
1. Register server on Insights portal
2. Assign RHEL 8 CIS policy to the server 
3. Run "insights-client --compliance" command on server.

Actual results:
The following 2 rules are marked as false positive:
~~~
Modify the System Message of the Day Banner
Modify the System Login Banner
~~~

Expected results:
These rules does not exist in CIS. These are NIST rules.

Comment 1 Nikhil Gupta 2021-07-16 11:20:14 UTC

Created attachment 1802416 [details]
Screenshot

Comment 6 Marcus Burghardt 2021-10-12 07:36:59 UTC

Fix merged in Upstream:
https://github.com/ComplianceAsCode/content/pull/7690

Comment 25 errata-xmlrpc 2022-05-10 14:14:34 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (scap-security-guide bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:1900

Note You need to log in before you can comment on or make changes to this bug.