yuumasato
commented
3 years ago The fail to remediate sudo_add_requitetty happens because an testing library comments any requiretty in the sudoers file.
Closed mildas closed 2 years ago
yuumasato
commented
3 years ago The fail to remediate sudo_add_requitetty happens because an testing library comments any requiretty in the sudoers file.
yuumasato
commented
3 years ago About the polyinstantiated /tmp and /var/tmp, the remediation for these rules create a directory and set permissions and SELinux contexts.
/tmp and /var/tmp doesn't work. Every configuration is as it should be, ~but the feature is not functional. It seems that some operation done during installation persistently broke polyinstantiation.~These issues do not manifest when remediation is applied on already installed system.
EDIT: After reapplying remediation the polyinstantiation feature is functional. I was testing it in a wrong way.
mildas
commented
3 years ago Removed commenting out of the requiretty line in sudoers file, installation works without problems, and sudo_add_requitetty passes. I have removed the rule from the list of failing rules.
mildas
commented
3 years ago mount_option_boot_* rules pass now. The problem was in missing options for boot partition in kickstart. Rules were removed from the list.
mildas
commented
2 years ago accounts_polyinstantiated_* needs to be remediated twice. grub2_enable_iommu_force passes now. Closing
Description of problem:
During the ANSSI profile kickstart installations, there's a few rules that fail to be remediated:
sudoers_no_root_target- doesn't come with a remediationsudoers_explicit_command_args- doesn't come with a remediationsudo_dedicated_group- doesn't come with a remediationSCAP Security Guide Version:
b9def94
Operating System Version:
RHEL 7, RHEL 8
Steps to Reproduce:
Actual Results:
Listed rules result in failed.
Expected Results:
Listed rules result in passed.
Additional Information/Debugging Steps: