ComplianceAsCode / content

Security automation content in SCAP, Bash, Ansible, and other formats
https://complianceascode.readthedocs.io/en/latest/
Other
2.2k stars 696 forks source link

configure_crypto_policy is failing after STIG kickstart installation #6359

Closed mildas closed 2 years ago

mildas commented 3 years ago

Description of problem:

The configure_crypto_policy rule is failing after fresh installation of RHEL 8.3 using STIG profile.

The rule is failing because the oval:ssg-variable_crypto_policies_config_file_age:var:1 variable has value 466. Because of that the oval:ssg-test_crypto_policies_updated:tst:1 check from the rule fails and it results to fail of the rule.

SCAP Security Guide Version:

dfa3059

Operating System Version:

RHEL 8.3

Steps to Reproduce:

  1. Install RHEL using STIG profile
  2. After installation, boot system and check configure_crypto_policy rule

Actual Results:

Title
    Configure System Cryptography Policy
Rule
    xccdf_org.ssgproject.content_rule_configure_crypto_policy
Ident
    CCE-80935-0
Result
    fail

Expected Results:

Title
    Configure System Cryptography Policy
Rule
    xccdf_org.ssgproject.content_rule_configure_crypto_policy
Ident
    CCE-80935-0
Result
    pass

Addition Information/Debugging Steps:

Return code from remediation performed during installation is 0 but the actual result from the remediation is error because result from the check after the remediation is fail.

6358 issue is similar to this one and most likely it is caused by the same cause.

mildas commented 2 years ago

Passes now. Closing