Created attachment 1841934
A sample test result against RHEL 8.4 server
Description of problem:
Remediations for scan with xccdf_org.ssgproject.content_profile_ism_o do not actually remediate failed test results
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Run evaluation with:
Profile ID xccdf_org.ssgproject.content_profile_ism_o
Benchmark ID xccdf_org.ssgproject.content_benchmark_RHEL-8
2. The test report includes failed results for
- Record Any Attempts to Run restorecon
- Record Any Attempts to Run seunshare
Respective remediation is to add audit rules:
-a always,exit -F path=/usr/sbin/restorecon -F auid>=1000 -F auid!=unset -F key=privileged
-a always,exit -F path=/usr/sbin/seunshare -F auid>=1000 -F auid!=unset -F key=privileged
3. Re-run of the evaluation will not remediate these two errors.
The actual audit rules required to remediate failed results are respectively:
-a always,exit -F path=/usr/sbin/restorecon -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged
-a always,exit -F path=/usr/sbin/seunshare -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged
Actual results:
"Description" in the test report does not remediate failed results.
Expected results:
"Description" in the test report remediates failed results.
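A way to spot the discrepancy reported above before re-running the scan: list path-based audit rules that lack the `-F perm=x` field. This is an added example, not part of the bug report or of scap-security-guide; the function names are hypothetical and the sample rules are constructed from the two rule forms quoted in the report.

```shell
#!/bin/sh
# Added example: flag path-based audit rules that have no "-F perm=x".
# Function names are illustrative; they are not part of scap-security-guide.

# Reads audit rules on stdin (audit rules file format) and prints the
# watched path of every "-a" rule that has a path= field but no perm
# field containing x.
rules_missing_perm_x() {
    awk '
        /^[[:space:]]*#/ { next }          # skip comment lines
        $1 != "-a"       { next }          # only "-a list,action" rules
        {
            path = ""; has_x = 0
            for (i = 1; i < NF; i++) {
                if ($i != "-F") continue
                field = $(i + 1)
                if (field ~ /^path=/) path = substr(field, 6)
                # perm= may combine r, w, x, a; x must be among them
                if (field ~ /^perm=[rwa]*x[rwxa]*$/) has_x = 1
            }
            if (path != "" && !has_x) print path
        }
    '
}

# Constructed sample: the first rule is the form given in the report's
# remediation text, the second is the form the report says is required.
sample_rules() {
    cat <<'EOF'
# privileged command rules (constructed sample)
-a always,exit -F path=/usr/sbin/restorecon -F auid>=1000 -F auid!=unset -F key=privileged
-a always,exit -F path=/usr/sbin/seunshare -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged
EOF
}

sample_rules | rules_missing_perm_x
```

On a real host, feed it the rules files instead, for example `cat /etc/audit/rules.d/*.rules | rules_missing_perm_x`.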
Fix proposed upstream: https://github.com/ComplianceAsCode/content/pull/7885
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (scap-security-guide bug fix and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.