Bug 1983061 - The rules CCE-80763-6 and CCE-83496-0 should not be there in RHEL CIS compliance policy
Summary: The rules CCE-80763-6 and CCE-83496-0 should not be there in RHEL CIS complia...
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: scap-security-guide
Version: 8.3
Hardware: Unspecified
OS: Unspecified
Target Milestone: beta
: ---
Assignee: Marcus Burghardt
QA Contact: Matus Marhefka
Jan Fiala
Depends On:
TreeView+ depends on / blocked
Reported: 2021-07-16 11:18 UTC by Nikhil Gupta
Modified: 2022-05-10 14:42 UTC (History)
7 users (show)

Fixed In Version: scap-security-guide-0.1.59-1.el8
Doc Type: Bug Fix
Doc Text:
.STIG-specific default banner text removed from other profiles Previously, banner text from the STIG profile was used as default by other profiles that did not have a default text defined, such as CIS. As a consequence, systems using these profiles were configured with the specific text required by DISA. With this update, a generic default text was created and a standard CIS banner aligned with the guidelines was defined. As a result, profiles based on guidelines which explicitly require a text banner are now aligned with the requirements and set the correct text.
Clone Of:
Last Closed: 2022-05-10 14:14:34 UTC
Type: Bug
Target Upstream Version:

Attachments (Terms of Use)
Screenshot (526.42 KB, image/png)
2021-07-16 11:20 UTC, Nikhil Gupta
no flags Details

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:1900 0 None None None 2022-05-10 14:14:44 UTC

Description Nikhil Gupta 2021-07-16 11:18:20 UTC
Description of problem:
We are scanning our systems for compliance with the RHEL 8 CIS policy.. The following 2 rules are not CIS and should be not there. 

Actual results:
Title   Modify the System Message of the Day Banner
Rule    xccdf_org.ssgproject.content_rule_banner_etc_motd
Ident   CCE-83496-0
Result  fail

Title   Modify the System Login Banner
Rule    xccdf_org.ssgproject.content_rule_banner_etc_issue
Ident   CCE-80763-6
Result  fail

Both of these rules are to do with banner of /etc/motd and are to do with US government banner message..  

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Register server on Insights portal
2. Assign RHEL 8 CIS policy to the server 
3. Run "insights-client --compliance" command on server.

Actual results:
The following 2 rules are marked as false positive:
Modify the System Message of the Day Banner
Modify the System Login Banner

Expected results:
These rules does not exist in CIS. These are NIST rules.

Comment 1 Nikhil Gupta 2021-07-16 11:20:14 UTC
Created attachment 1802416 [details]

Comment 6 Marcus Burghardt 2021-10-12 07:36:59 UTC
Fix merged in Upstream:

Comment 25 errata-xmlrpc 2022-05-10 14:14:34 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (scap-security-guide bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.