Bug 2170530 - xccdf_org.ssgproject.content_rule_postfix_prevent_unrestricted_relay should allow whitespace in "smtpd_client_restrictions" value
Keywords:
Status: MODIFIED
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: scap-security-guide
Version: 8.7
Hardware: All
OS: Linux
Severity: low
Priority: low
Target Milestone: rc
Target Release: ---
Assignee: Vojtech Polasek
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks: 2228471 2228472
Reported: 2023-02-16 15:57 UTC by Renaud Métrich
Modified: 2023-08-14 13:08 UTC

Fixed In Version: scap-security-guide-0.1.69-1.el8
Doc Type: Bug Fix
Doc Text:
Cause: the OVAL check of SCAP rule xccdf_org.ssgproject.content_rule_postfix_prevent_unrestricted_relay was too strict and it did not account for Postconf configuration assignment statements which contained white spaces around the "=" sign.
Consequence: The rule was reported as failing in the final report even though there existed a configuration technically meeting requirements of the rule.
Fix: The rule was modified so that the check accepts statements with white spaces around the "=" sign.
Result: Rule is now marked as passing in the final report for correct configuration statements.
Clone Of:
: 2228471 2228472
Environment:
Last Closed:
Type: Bug
Target Upstream Version:
Embargoed:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | ComplianceAsCode content pull 10219 | 0 | None | open | postfix_prevent_unrestricted_relay: allow whitespaces and no comma for 'smtpd_client_restrictions' value | 2023-02-16 15:57:00 UTC
Red Hat Issue Tracker | RHELPLAN-148941 | 0 | None | None | None | 2023-02-16 15:59:32 UTC

Description Renaud Métrich 2023-02-16 15:57:00 UTC
Description of problem:

See Upstream PR https://github.com/ComplianceAsCode/content/pull/10219.

From the postconf(5) manpage, keywords for property smtpd_client_restrictions can be separated by commas and/or whitespaces.

With the current code, using whitespaces makes the rule fail.

Version-Release number of selected component (if applicable):

scap-security-guide-0.1.66-2.el8_7

How reproducible:

Always

Steps to Reproduce:
1. Add "smtpd_client_restrictions = permit_mynetworks, reject" in /etc/postfix/main.cfg
2. Execute the rule

Actual results:

Fail

Expected results:

Pass
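
An added example, not the project's OVAL check and not code from the pull request: a Python check that reads main.cf the way postconf(5) describes it (continuation lines, comments, last assignment wins) and accepts commas and/or whitespace between keywords. The required value is taken from the reproduction step above; `STRICT`, `SAMPLES` and the function names are constructed for illustration.

```python
import re

PARAM = "smtpd_client_restrictions"
# Required keyword sequence, taken from the reproduction step in the report.
REQUIRED = ["permit_mynetworks", "reject"]
# Constructed stand-in for an overly strict check (not the project's regex).
STRICT = re.compile(r"^smtpd_client_restrictions=permit_mynetworks,reject$")
# Constructed sample main.cf fragments.
SAMPLES = {
    "compact": "smtpd_client_restrictions=permit_mynetworks,reject\n",
    "spaced": "smtpd_client_restrictions = permit_mynetworks, reject\n",
    "no_comma": "smtpd_client_restrictions = permit_mynetworks reject\n",
    "continued": "smtpd_client_restrictions =\n    permit_mynetworks,\n    reject\n",
    "overridden": "smtpd_client_restrictions = permit_mynetworks, reject\n"
                  "smtpd_client_restrictions = permit\n",
}


def logical_lines(text):
    """Join main.cf continuation lines; skip comments and blank lines."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            current += " " + raw.strip()  # leading whitespace continues a line
        else:
            if current is not None:
                yield current
            current = raw.strip()
    if current is not None:
        yield current


def effective_value(text, param=PARAM):
    """Keyword list of the last assignment to param (split on , and space)."""
    value = None
    for line in logical_lines(text):
        name, sep, rhs = line.partition("=")
        if sep and name.strip() == param:
            value = [tok for tok in re.split(r"[,\s]+", rhs.strip()) if tok]
    return value


def strict_check(text):
    return any(STRICT.match(line) for line in text.splitlines())


def tolerant_check(text):
    return effective_value(text) == REQUIRED
```

The strict stand-in passes only the `compact` sample, while the tolerant check passes every equivalent spelling and still fails `overridden`, where a later assignment replaces the required value.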

Comment 2 Vojtech Polasek 2023-06-21 09:10:06 UTC
The PR https://github.com/ComplianceAsCode/content/pull/10219 has been merged.

