2176008 – "Add xxx Option to /var/log" and "Add xxx Option to /var/log/audit" should return "notapplicable" when no dedicated mount point is used

Bug 2176008 - "Add xxx Option to /var/log" and "Add xxx Option to /var/log/audit" should return "notapplicable" when no dedicated mount point is used

Summary: "Add xxx Option to /var/log" and "Add xxx Option to /var/log/audit" should re...

Keywords:
Status:	MODIFIED
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	scap-security-guide
Sub Component:
Version:	8.7
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	rc
Target Release:	---
Assignee:	Vojtech Polasek
QA Contact:	BaseOS QE Security Team
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2228473 2228474
TreeView+	depends on / blocked

Reported:	2023-03-07 06:57 UTC by Renaud Métrich
Modified:	2023-08-14 11:16 UTC (History)
CC List:	9 users (show)
Fixed In Version:	scap-security-guide-0.1.69-1.el8
Doc Type:	Bug Fix
Doc Text:	Cause: Following SCAP rules relevant to /var/log and /var/log/audit partitions were evaluated / remediated without first checking if the appropriate disk partition exists: - mount_option_var_log_audit_nodev - mount_option_var_log_audit_noexec - mount_option_var_log_audit_nosuid - mount_option_var_log_nodev - mount_option_var_log_noexec - mount_option_var_log_nosuid Consequence: Although directories /var/log or /var/log/audit were not mount points for individual partitions, rules were still evaluated and they were reported as failing in the final report. But they should not be evaluated at all. Fix: An applicability check was added so that if /var/log or /var/log/audit are not mount points for individual partitions, rules are not evaluated. Result: Rules are marked as "not applicable" in the final report.
Clone Of:
Clones:	2228473 2228474 (view as bug list)
Environment:
Last Closed:
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHELPLAN-150883	0	None	None	None	2023-03-07 07:04:00 UTC

Description Renaud Métrich 2023-03-07 06:57:24 UTC

Description of problem:

Currently executing rules "Add xxx Option to /var/log" and "Add xxx Option to /var/log/audit" on a system which is not configured with separate partitions returns "fail", whereas it should return "notapplicable".

Version-Release number of selected component (if applicable):

scap-security-guide-0.1.66-2.el8_7

How reproducible:

Always

Steps to Reproduce:
1. Execute "Add xxx Option to /var/log" rule on a system which doesn't have a /var/log partition

Actual results:

fail

Expected results:

notapplicable

Additional info:

PR has been submitted. Screenshots before / after PR attached.

Comment 6 Jan Černý 2023-05-09 12:29:33 UTC

In upstream, a "mount" applicability platform has been introduced by https://github.com/ComplianceAsCode/content/pull/10431. This platform has been added to rules for /tmp and /var/tmp mount options. What remains to be done there is to add the "mount" platform to the rules concerning /var/log and /var/log/audit, and also possibly to all other similar rules where it would make sense, as suggested in https://github.com/ComplianceAsCode/content/issues/10504.

Comment 7 Jan Černý 2023-07-04 10:52:01 UTC

A PR that introduces mount platforms to other rules has been merged to upstream: https://github.com/ComplianceAsCode/content/pull/10794

Note You need to log in before you can comment on or make changes to this bug.