ComplianceAsCode / content

Security automation content in SCAP, Bash, Ansible, and other formats
https://complianceascode.readthedocs.io/en/latest/

RHEL8 STIG - file_permissions_etc_audit_rulesd fail (pass in remediation phase, fail in final check) #7358

Open mildas opened 3 years ago

mildas commented 3 years ago

Description of problem:

The file_permissions_etc_audit_rulesd rule check fails after remediating a machine with STIG profile and restarting it.

SCAP Security Guide Version:

a4e6221

Operating System Version:

RHEL 8

Steps to Reproduce:

  1. python3 tests/test_suite.py profile --libvirt qemu:///system test_suite_vm --datastream build/ssg-rhel8-ds.xml --xccdf-id scap_org.open-scap_cref_ssg-rhel8-xccdf-1.2.xml --mode online --remediate-using oscap xccdf_org.ssgproject.content_profile_stig

Actual Results:

xccdf_org.ssgproject.content_rule_file_permissions_etc_audit_rulesd - fail

Expected Results:

xccdf_org.ssgproject.content_rule_file_permissions_etc_audit_rulesd - pass

Additional Information/Debugging Steps:

OVAL details:

Testing mode of /etc/audit/rules.d/  oval:ssg-test_file_permissions_etc_audit_rulesd:tst:1  true

Following items have been found on the system:

| Path | Type | UID | GID | Size (B) | Permissions |
| -- | -- | -- | -- | -- | -- |
| /etc/audit/rules.d/immutable.rules | regular | 0 | 0 | 150 | rw-r--r-- |
| /etc/audit/rules.d/11-loginuid.rules | regular | 0 | 0 | 92 | rw-r--r-- |

Might be an ordering issue.
ggbecker commented 3 years ago

Most likely an ordering issue as you said. We could either solve these permissions in the audit rules remediation or move this rule to the end of the benchmark... if that's possible.
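The two points raised above (the check that flags rw-r--r-- files under /etc/audit/rules.d/, and the suggestion to fix the permissions inside the audit rules remediation itself so ordering no longer matters) can be illustrated with a small script. This is an added example, not the project's OVAL check or its Bash/Ansible remediation; it assumes an expected maximum mode of 0640 for the rules files, which the issue does not state, and the directory contents it builds are constructed in a temporary directory.

```python
import os
import stat
import tempfile

# Assumed maximum permission bits for files in /etc/audit/rules.d/.
# The issue does not state the rule's expected mode; 0o640 is an assumption.
MAX_MODE = 0o640


def offending_files(rules_dir, max_mode=MAX_MODE):
    """Return (name, mode) for each regular file in rules_dir that has any
    permission bit set which max_mode does not allow (the same question the
    OVAL test asks, minus owner/group checks)."""
    bad = []
    for name in sorted(os.listdir(rules_dir)):
        path = os.path.join(rules_dir, name)
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode & ~max_mode:
            bad.append((name, mode))
    return bad


def write_rules_file(path, content, mode=MAX_MODE):
    """Create or replace a rules file and force its mode explicitly.

    A remediation that writes the file with the process umask ends up with
    rw-r--r-- (0644) on a default umask of 022, which is what the report
    shows; setting the mode here makes the outcome independent of umask and
    of the order in which remediations run."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    with os.fdopen(fd, "w") as f:
        f.write(content)
    # os.open still applies the umask at creation and leaves an existing
    # file's mode untouched, so fix it up unconditionally.
    os.chmod(path, mode)
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    """Constructed scenario: two rules files left at 0644 by an earlier
    remediation step, then re-written with an explicit mode. Returns the
    offender list before and after."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("immutable.rules", "11-loginuid.rules"):
            p = os.path.join(d, name)
            with open(p, "w") as f:
                f.write("# constructed placeholder content\n")
            os.chmod(p, 0o644)  # rw-r--r--, as in the OVAL report
        before = offending_files(d)
        for name, _ in before:
            write_rules_file(os.path.join(d, name),
                             "# constructed placeholder content\n")
        after = offending_files(d)
        return before, after


if __name__ == "__main__":
    before, after = demo()
    for name, mode in before:
        print("before: %s %o" % (name, mode))
    print("after:", after)
```

Run on a real system, `offending_files("/etc/audit/rules.d")` reports what the failing check would; the fix direction the comment proposes corresponds to having whichever remediation creates the rules files use something like `write_rules_file`, so the permission rule passes regardless of where it sits in the benchmark.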