Bug 2119356 - audit_rules_usergroup_modification_shadow don't remediate existing audit rule
Summary: audit_rules_usergroup_modification_shadow don't remediate existing audit rule
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: scap-security-guide
Version: 8.7
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Vojtech Polasek
QA Contact: Jiri Jaburek
Jan Fiala
Depends On:
Blocks: 2120978 2123367 2168060 2168061 2168062
TreeView+ depends on / blocked
Reported: 2022-08-18 12:39 UTC by Milan Lysonek
Modified: 2023-03-13 13:59 UTC (History)
9 users (show)

Fixed In Version: scap-security-guide-0.1.66-1.el8
Doc Type: Bug Fix
Doc Text:
.Scans and remediations correctly ignore SCAP Audit rules Audit key Previously, Audit watch rules that were defined without an Audit key (`-k` or `-F` key) encountered the following problems: * The rules were marked as non-compliant even if other parts of the rule were correct. * Bash remediation fixed the path and permissions of the watch rule, but it did not add the Audit key correctly. * Remediation sometimes did not fix the missing key, returning an `error` instead of a `fixed` value. This affected the following rules: * `audit_rules_login_events` * `audit_rules_login_events_faillock` * `audit_rules_login_events_lastlog` * `audit_rules_login_events_tallylog` * `audit_rules_usergroup_modification` * `audit_rules_usergroup_modification_group` * `audit_rules_usergroup_modification_gshadow` * `audit_rules_usergroup_modification_opasswd` * `audit_rules_usergroup_modification_passwd` * `audit_rules_usergroup_modification_shadow` * `audit_rules_time_watch_localtime` * `audit_rules_mac_modification` * `audit_rules_networkconfig_modification` * `audit_rules_sysadmin_actions` * `audit_rules_session_events` * `audit_rules_sudoers` * `audit_rules_sudoers_d` With this update, the Audit key has been removed from checks and from Bash and Ansible remediations. As a result, inconsistencies caused by the key field during checking and remediating no longer occur, and auditors can choose these keys arbitrarily to make searching Audit logs easier.
Clone Of:
: 2120978 2123367 2168060 2168061 2168062 (view as bug list)
Last Closed:
Type: Bug
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-131409 0 None None None 2022-08-18 12:43:57 UTC

Comment 3 Watson Yuuma Sato 2022-09-16 09:29:05 UTC

Note You need to log in before you can comment on or make changes to this bug.