Closed bantify closed 1 month ago
hi @bantify
We see this alot as you may see from other issues, scanner all work differently. In this case if you investigate the test that the scanner is running with what CIS requires, you will see that it is often brittle, in many cases and doesn't match the requirements. Often only searching for the filename as mentioned in the remediation steps but not running the audit steps which allows it to be searched for in many places. I am sure you will find that many of the controls if you test the audit requirements it works as expected. You may also find you are running a different version of the benchmark to the scanner you are running? Controls get moved and changed, given new control IDs or even moved sections.
I also noticed a step that you have that is not part of our playbook
Delete line TMOUT from /etc/bashrc
If it is genuinely an issue happy to fix what is wrong.
Many thanks
uk-bolly
hi @bantify,
Will close this issue as a problem with the scanner unless there is something not as expected please feel free to reopen?
Many thanks
uk-bolly
please close. Thanks.
Question: Nesus scan gives only 69% score in oracle linux 8.9
Before upgrade of CIS compliance in nesus, scroe was 77% score for the same host.
Nesus Version: 10.7.4 CIS compliance version: V3.0.0 Use Role: RHEL8-CIS branch: devel (check out date: June-30-2024 )
Environment (please complete the following information): Oracle linux 8.9
Ansible Version: ansible [core 2.15.10] Host Python Version: [e.g. Python 3.7.6] Python 3.6.8 Ansible Server Python Version: Python 3.9.6 Additional Details:
Disbaled rule: rhel8cis_rule_1_2_3: false
Attached the scan report of PDF for your reference: webfe_IP_135.pdf
Last few lines of output:
Please help.
Regards.