ComplianceAsCode / content

Security automation content in SCAP, Bash, Ansible, and other formats
https://complianceascode.readthedocs.io/en/latest/

ocp3 check wrong for xccdf_org.ssgproject.content_rule_api_server_admission_control_plugin_NamespaceLifecycle #5854

Closed mirogl closed 2 weeks ago

mirogl commented 4 years ago

Description of problem:

Hi, the check for the file ssg-ocp3-ds.xml with profile xccdf_org.ssgproject.content_profile_opencis-master and rule xccdf_org.ssgproject.content_rule_api_server_anonymous_auth is wrong for the rule name / rule pattern check / content / description of the rule xccdf_org.ssgproject.content_rule_api_server_admission_control_plugin_NamespaceLifecycle: the description / rule name and also the pattern check have a typo (missing c in cycle), NamespaceLifecyle, but it should be NamespaceLifecycle.

the pattern check is:

...[\s]*NamespaceLifecyle\:[\s]...

but should be

...[\s]*NamespaceLifecycle\:[\s]...

SCAP Security Guide Version:

latest master

Operating System Version:

OpenShift 3.11

Steps to Reproduce:

  1. oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_opencis-master --rule xccdf_org.ssgproject.content_rule_api_server_admission_control_plugin_NamespaceLifecycle --results /var/tmp/$(hostname)-hardening-ocp3-report.xml --report /var/tmp/$(hostname)-hardening-ocp3-report.html ssg-ocp3-ds.xml

Actual Results:

Result is false because of the typo in the check

Expected Results:

Result should be true

Additional Information/Debugging Steps:
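
To make the failure concrete, here is an added example (not code from the issue or from the ComplianceAsCode content) that runs the typo'd and the corrected plugin pattern over a constructed OpenShift 3.11 master-config.yaml excerpt. The issue quotes only the fragment `[\s]*NamespaceLifecyle\:[\s]` of the OVAL pattern, so the surrounding anchoring used here (line start, MULTILINE) and the 4-space indentation assumed for entries under pluginConfig are assumptions, as is the sample config itself.

```python
import re

# Constructed excerpt of an OCP 3.11 master-config.yaml (assumed layout, not
# taken from the page): admission plugins are keys under
# admissionConfig.pluginConfig, indented by four spaces.
MASTER_CONFIG = """\
admissionConfig:
  pluginConfig:
    BuildDefaults:
      configuration:
        apiVersion: v1
        kind: BuildDefaultsConfig
    NamespaceLifecycle:
      configuration:
        apiVersion: v1
        disable: false
        kind: DefaultAdmissionConfig
"""


def admission_plugin_pattern(plugin_name: str) -> re.Pattern:
    """Build a pattern with the same shape as the fragment quoted in the issue:
    optional whitespace, the plugin name, a colon, then a whitespace character.
    The rest of the real OVAL pattern is elided on the page, so anchoring the
    fragment at the start of a line is an assumption made here."""
    return re.compile(r"^[\s]*" + re.escape(plugin_name) + r"\:[\s]", re.MULTILINE)


def check_admission_plugin(config_text: str, plugin_name: str) -> str:
    """Evaluate the check the way the rule result reads: 'pass' if the plugin
    entry is found in the config text, otherwise 'fail'."""
    if admission_plugin_pattern(plugin_name).search(config_text):
        return "pass"
    return "fail"


def configured_plugins(config_text: str) -> list:
    """List the plugin keys actually present under pluginConfig, so a 'fail'
    can be traced to a missing plugin rather than to a mistyped pattern.
    Assumes the four-space indentation of the constructed config above."""
    return re.findall(r"^    ([A-Za-z0-9]+):\s*$", config_text, re.MULTILINE)


if __name__ == "__main__":
    # The misspelt name never matches, even though the plugin is configured.
    print("NamespaceLifecyle :", check_admission_plugin(MASTER_CONFIG, "NamespaceLifecyle"))
    # The corrected name matches the same config.
    print("NamespaceLifecycle:", check_admission_plugin(MASTER_CONFIG, "NamespaceLifecycle"))
    print("plugins present   :", configured_plugins(MASTER_CONFIG))
```

Running `configured_plugins` beside the failing check is the quick way to tell a content bug (the plugin is present but the pattern cannot match it) from a real hardening gap (the plugin is absent from the config).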

yuumasato commented 2 weeks ago

The typo is not present on OCP4 rule: https://github.com/ComplianceAsCode/content/blob/master/applications/openshift/api-server/api_server_admission_control_plugin_namespacelifecycle/rule.yml