ComplianceAsCode / content

Security automation content in SCAP, Bash, Ansible, and other formats
https://complianceascode.readthedocs.io/en/latest/

Rule sysctl_kernel_yama_ptrace_scope is misaligned with DISA #9307

Open jan-cerny opened 2 years ago

jan-cerny commented 2 years ago

Description of problem:

Rule xccdf_org.ssgproject.content_rule_sysctl_kernel_yama_ptrace_scope is misaligned with rule xccdf_mil.disa.stig_rule_SV-230546r833361_rule from the DISA content in disa-stig-rhel8-v1r6-xccdf-scap.xml

SCAP Security Guide Version:

current upstream as of 2022-08-06 as of HEAD 61b8f59e05e7a63267e22f3a44ff2b98de822ec0

Operating System Version:

RHEL 8

Steps to Reproduce:

  1. evaluate RHEL 8 STIG profile
  2. evaluate disa-stig-rhel8-v1r6-xccdf-scap.xml

Actual Results:

xccdf_org.ssgproject.content_rule_sysctl_kernel_yama_ptrace_scope: pass

xccdf_mil.disa.stig_rule_SV-230546r833361_rule: fail

Expected Results:

both rules pass

Additional Information/Debugging Steps:

This problem occurs also with the "STIG with GUI" profile.

vojtapolasek commented 1 year ago

Just for posterity, the problem is that DISA mandates that the configuration option exists in ONE file only and it is set to only ONE correct value, which is not the case when remediating a clean RHEL 8 installation with our content.
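
The condition described in the comment above (the option present in exactly one file, with one correct value) can be checked with a short script. This is an added example, not code from ComplianceAsCode or the DISA content; the search paths, the expected value `1`, and the sample file names are assumptions.

```python
import tempfile
from pathlib import Path

KEY = "kernel.yama.ptrace_scope"
# Assumption: the sysctl.d(5) search locations; the issue does not list them.
SEARCH_PATHS = ["/etc/sysctl.conf", "/etc/sysctl.d", "/run/sysctl.d",
                "/usr/local/lib/sysctl.d", "/usr/lib/sysctl.d", "/lib/sysctl.d"]

def find_definitions(key, paths):
    """Return (file, value) for every active assignment of key under paths."""
    hits, seen = [], set()
    for p in map(Path, paths):
        candidates = sorted(p.glob("*.conf")) if p.is_dir() else [p]
        for f in candidates:
            real = f.resolve()
            if not f.is_file() or real in seen:
                continue  # skip missing files and symlinked duplicates
            seen.add(real)
            for line in f.read_text(errors="replace").splitlines():
                line = line.strip()
                if not line or line[0] in "#;" or "=" not in line:
                    continue
                name, value = (s.strip() for s in line.split("=", 1))
                # a leading "-" and the slash spelling are both accepted by sysctl
                if name.lstrip("-").strip().replace("/", ".") == key:
                    hits.append((str(f), value))
    return hits

def evaluate(key, expected, paths):
    """Pass only if one file sets key and every assignment equals expected."""
    hits = find_definitions(key, paths)
    files = {f for f, _ in hits}
    if not hits:
        return "fail: not configured"
    if len(files) > 1:
        return "fail: set in %d files" % len(files)
    if {v for _, v in hits} != {expected}:
        return "fail: wrong or conflicting value"
    return "pass"

def demo():
    """Constructed layouts: two files set the key, then only one does."""
    with tempfile.TemporaryDirectory() as root:
        etc, usr = Path(root, "etc/sysctl.d"), Path(root, "usr/lib/sysctl.d")
        etc.mkdir(parents=True); usr.mkdir(parents=True)
        (etc / "99-hardening.conf").write_text("# constructed\nkernel.yama.ptrace_scope = 1\n")
        (usr / "50-vendor.conf").write_text("kernel/yama/ptrace_scope=0\n")
        both = evaluate(KEY, "1", [etc, usr])  # expected value "1" is an assumption
        only_etc = evaluate(KEY, "1", [etc])
    return both, only_etc

if __name__ == "__main__":
    print(demo())
    print(evaluate(KEY, "1", SEARCH_PATHS))
```

Run on a remediated host, the last line reports whether the key is set in more than one file, which a check that looks only at the effective value would not show.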