Login
Log in using an SSO provider:
Fedora Account System
Red Hat Associate
Red Hat Customer
Login using a Red Hat Bugzilla account
Forgot Password
Create an Account
Red Hat Bugzilla – Bug 2228445
Home
New
Search
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh89 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
[?]
This site requires JavaScript to be enabled to function correctly, please enable it.
Bug 2228445
-
CIS profile flags the permissions on /boot/efi/EFI/redhat/user.cfg, but the permissions cannot be changed as directed [rhel-8.6.0.z]
Summary:
CIS profile flags the permissions on /boot/efi/EFI/redhat/user.cfg, but the p...
Keywords
:
Triaged
ZStream
Status
:
VERIFIED
Alias:
None
Product:
Red Hat Enterprise Linux 8
Classification:
Red Hat
Component:
scap-security-guide
Sub Component:
---
Version:
8.7
Hardware:
Unspecified
OS:
Linux
Priority:
unspecified
Severity:
medium
Target Milestone:
rc
Target Release
:
---
Assignee:
Marcus Burghardt
QA Contact:
Milan Lysonek
Docs Contact:
URL:
Whiteboard:
Depends On:
2184487
Blocks:
TreeView+
depends on
/
blocked
Reported:
2023-08-02 12:10 UTC by
RHEL Program Management Team
Modified:
2023-08-17 15:25 UTC (
History
)
CC List:
12 users
(
show
)
dbodnarc
ggasparb
jcerny
jjaburek
libin.babu
maburgha
maynord.rosales
mhaicman
mlysonek
peter.vreman
vpolasek
wsato
Fixed In Version:
scap-security-guide-0.1.69-1.el8_6
Doc Type:
Bug Fix
Doc Text:
Cause: Default permissions of uefi files were not accepted and were not possible to be changed via chmod when /boot/efi was using a vfat file system. Consequence: The file_permissions_efi_user_cfg rule was failing and the remediation was ineffective. Fix: Allow the "0700" permission for files in /boot/efi instead of only "0600". "0700" is the default permission and is accepted by CIS, so the assessment and remediation are now better aligned to CIS. Result: The file_permissions_efi_user_cfg rule should no longer fail if /boot/efi is mounted using the default permissions.
Clone Of:
2184487
Environment:
Last Closed:
Type:
---
Target Upstream Version:
Embargoed:
Dependent Products:
Container Native Virtualization (CNV)
Ember-CSI
ExternalDNS Operator for OpenShift Container Platform
Kubernetes-native Infrastructure
OpenShift Container Platform
Red Hat Ceph Storage
Red Hat Certificate System
Red Hat CloudForms Management Engine
Red Hat Directory Server
Red Hat Enterprise MRG
Red Hat Enterprise Virtualization Manager
Red Hat Gluster Storage
Red Hat OpenShift Data Foundation
Red Hat OpenStack
Service Telemetry Framework
Attachments
(Terms of Use)
Links
System
ID
Private
Priority
Status
Summary
Last Updated
Red Hat Issue Tracker
RHELPLAN-164140
0
None
None
None
2023-08-02 12:22:29 UTC
Note
You need to
log in
before you can comment on or make changes to this bug.