search

ComplianceAsCode / content

Security automation content in SCAP, Bash, Ansible, and other formats
https://complianceascode.readthedocs.io/en/latest/
Other
2.13k stars 676 forks source link

Rule ensure_gpgcheck_globally_activated is not aligned with DISA STIG benchmark #9537

Open vojtapolasek opened 1 year ago

vojtapolasek commented 1 year ago

Description of problem:

After kickstart installation (GUI or non GUI), the rule ensure_gpgcheck_globally_activated is reported as passing where its DISA's counterpart (SV-230264r627750_rule) is reported as fail.

SCAP Security Guide Version:

Master as of Sat Sep 17, 2022

Operating System Version:

RHEL8

Steps to Reproduce:

  1. Perform installation from a kickstart file with stig / stig_gui profile selected
  2. Evaluate STIG profile from this repo
  3. evaluate DISA benchmark

Actual Results:

The rule xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated passes The DISA rule xccdf_mil.disa.stig_rule_SV-230264r627750_rule fails.

Expected Results:

Both rules pass.

Additional Information/Debugging Steps:

ggbecker commented 1 year ago

https://bugzilla.redhat.com/show_bug.cgi?id=2115352

marcusburghardt commented 1 year ago

@ggbecker are you ok in assigning this issue to you?

vojtapolasek commented 7 months ago

The bug has been migrated to https://issues.redhat.com/browse/RHEL-1806