Open mildas opened 3 years ago
Most likely an ordering issue as you said. We could either solve this permissions in the audit rules remediation or move this rule to the end of the benchmark... if that's possible.
Description of problem:
The file_permissions_etc_audit_rulesd rule check fails after remediating a machine with STIG profile and restarting it.
SCAP Security Guide Version:
a4e6221
Operating System Version:
RHEL 8
Steps to Reproduce:
python3 tests/test_suite.py profile --libvirt qemu:///system test_suite_vm --datastream build/ssg-rhel8-ds.xml --xccdf-id scap_org.open-scap_cref_ssg-rhel8-xccdf-1.2.xml --mode online --remediate-using oscap xccdf_org.ssgproject.content_profile_stig
Actual Results:
xccdf_org.ssgproject.content_rule_file_permissions_etc_audit_rulesd - fail
Expected Results:
xccdf_org.ssgproject.content_rule_file_permissions_etc_audit_rulesd - pass
Additional Information/Debugging Steps:
OVAL details:
Testing mode of /etc/audit/rules.d/ oval:ssg-test_file_permissions_etc_audit_rulesd:tst:1 true
Following items have been found on the system:
| Path | Type | UID | GID | Size (B) | Permissions |
| -- | -- | -- | -- | -- | -- |
| /etc/audit/rules.d/immutable.rules | regular | 0 | 0 | 150 | rw-r--r-- |
| /etc/audit/rules.d/11-loginuid.rules | regular | 0 | 0 | 92 | rw-r--r-- |

Might be an ordering issue.
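The ordering problem suspected above can be reproduced in a scratch directory. The script below is an added example, not code from the issue or from the ComplianceAsCode project; it assumes a required mode of 0640 (the issue does not state it), and the function names are hypothetical stand-ins for the two kinds of remediation.

```bash
#!/usr/bin/env bash
# Added illustration, not ComplianceAsCode code. Needs GNU find.
ALLOWED_MODE=0640   # assumption: the page does not state the required mode

# List regular files in directory $1 that carry any bit outside ALLOWED_MODE.
loose_files() {
    local forbidden
    forbidden=$(printf '%04o' $(( 07777 & ~ $ALLOWED_MODE )))   # 0640 -> 7137
    find "$1" -maxdepth 1 -type f -perm "/$forbidden" | sort
}

# Stand-in for the permission remediation: it only fixes files present now.
fix_permissions() {
    find "$1" -maxdepth 1 -type f -exec chmod "$ALLOWED_MODE" {} +
}

# Stand-in for an audit-rule remediation: the file it creates gets the umask
# default, rw-r--r-- under umask 022 (constructed content, real file name).
add_audit_rules() {
    ( umask 022; echo '# constructed sample' > "$1/immutable.rules" )
}

# Apply the given steps in order to a scratch directory, then scan it and
# print the names of the files a final check would flag.
simulate() {
    local dir step flagged
    dir=$(mktemp -d)
    ( umask 022; echo '# constructed sample' > "$dir/audit.rules" )
    for step in "$@"; do "$step" "$dir"; done
    flagged=$(cd "$dir" && loose_files . | sed 's|^\./||')
    rm -rf "$dir"
    printf '%s' "$flagged"
}

echo "permissions first: [$(simulate fix_permissions add_audit_rules)]"
echo "permissions last:  [$(simulate add_audit_rules fix_permissions)]"
```

Running `loose_files /etc/audit/rules.d` on a remediated machine lists the files the final scan would report under the same assumed mode.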