Bug 1983061 - The rules CCE-80763-6 and CCE-83496-0 should not be there in RHEL CIS compliance policy
Summary: The rules CCE-80763-6 and CCE-83496-0 should not be there in RHEL CIS complia...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: scap-security-guide
Version: 8.3
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: beta
: ---
Assignee: Marcus Burghardt
QA Contact: Matus Marhefka
Jan Fiala
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-07-16 11:18 UTC by Nikhil Gupta
Modified: 2022-05-10 14:42 UTC (History)
7 users (show)

Fixed In Version: scap-security-guide-0.1.59-1.el8
Doc Type: Bug Fix
Doc Text:
.STIG-specific default banner text removed from other profiles Previously, banner text from the STIG profile was used as default by other profiles that did not have a default text defined, such as CIS. As a consequence, systems using these profiles were configured with the specific text required by DISA. With this update, a generic default text was created and a standard CIS banner aligned with the guidelines was defined. As a result, profiles based on guidelines which explicitly require a text banner are now aligned with the requirements and set the correct text.
Clone Of:
Environment:
Last Closed: 2022-05-10 14:14:34 UTC
Type: Bug
Target Upstream Version:


Attachments (Terms of Use)
Screenshot (526.42 KB, image/png)
2021-07-16 11:20 UTC, Nikhil Gupta
no flags Details


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:1900 0 None None None 2022-05-10 14:14:44 UTC

Description Nikhil Gupta 2021-07-16 11:18:20 UTC
Description of problem:
We are scanning our systems for compliance with the RHEL 8 CIS policy.. The following 2 rules are not CIS and should be not there. 

~~~
Actual results:
Title   Modify the System Message of the Day Banner
Rule    xccdf_org.ssgproject.content_rule_banner_etc_motd
Ident   CCE-83496-0
Result  fail

Title   Modify the System Login Banner
Rule    xccdf_org.ssgproject.content_rule_banner_etc_issue
Ident   CCE-80763-6
Result  fail
~~~

Both of these rules are to do with banner of /etc/motd and are to do with US government banner message..  


Version-Release number of selected component (if applicable):
scap-security-guide-0.1.54-5.el8.noarch

How reproducible:
Always

Steps to Reproduce:
1. Register server on Insights portal
2. Assign RHEL 8 CIS policy to the server 
3. Run "insights-client --compliance" command on server.

Actual results:
The following 2 rules are marked as false positive:
~~~
Modify the System Message of the Day Banner
Modify the System Login Banner
~~~

Expected results:
These rules does not exist in CIS. These are NIST rules.

Comment 1 Nikhil Gupta 2021-07-16 11:20:14 UTC
Created attachment 1802416 [details]
Screenshot

Comment 6 Marcus Burghardt 2021-10-12 07:36:59 UTC
Fix merged in Upstream:
https://github.com/ComplianceAsCode/content/pull/7690

Comment 25 errata-xmlrpc 2022-05-10 14:14:34 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (scap-security-guide bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:1900


Note You need to log in before you can comment on or make changes to this bug.