tom-krieger / cis_security_hardening

Define a complete security baseline and monitor the baseline's rules. The definition of the baseline should be done in Hiera. The purpose of the module is to give the ability to set up a complete security baseline which does not necessarily have to stick to industry security guides like the CIS benchmarks.
Apache License 2.0

auditd_user_emulation failing #70

Closed warrenbel closed 9 months ago

warrenbel commented 12 months ago

I am getting a fail on this rule, using OpenSCAP Red Hat Enterprise Linux 8 Benchmark™, v2.0.0:

```puppet
class { 'cis_security_hardening::rules::auditd_user_emulation':
  enforce => true,
}
```

Result:

```
-a always,exit -F arch=b32 -C euid!=uid -F auid!=unset -S execve -k user_emulation
-a always,exit -F arch=b64 -C euid!=uid -F auid!=unset -S execve -k user_emulation
```

But it is passing if I change to this format:

```
-a always,exit -F arch=b32 -S execve -C euid!=uid -F auid!=unset -k user_emulation
-a always,exit -F arch=b64 -S execve -C euid!=uid -F auid!=unset -k user_emulation
```

Maybe it is just the way they construct their search pattern.

tom-krieger commented 9 months ago

That is a problem of the scanner in my opinion but will reorder the options.

tom-krieger commented 9 months ago

Will be fixed in upcoming release.
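The two rule forms in this issue differ only in where `-S execve` sits relative to the `-C`/`-F` tests. The following is an added example, not code from this module or from OpenSCAP: it compares audit rules after reducing each to an order-independent form, so a baseline check does not depend on option order. The function names `canonical` and `same_ruleset` and the `WEAKENED` sample are assumptions made for the illustration.

```python
import shlex

def canonical(rule):
    """Reduce one auditctl syscall rule to an order-independent tuple."""
    tokens = shlex.split(rule)
    if len(tokens) % 2:
        raise ValueError("every option needs a value: " + rule)
    action, fields, syscalls, keys = None, set(), set(), set()
    for opt, val in zip(tokens[::2], tokens[1::2]):
        if opt in ("-a", "-A"):
            # auditctl accepts both "list,action" and "action,list"
            action = (opt, frozenset(val.split(",")))
        elif opt == "-F" and val.startswith("key="):
            keys.add(val[4:])            # -F key=X is the long form of -k X
        elif opt in ("-F", "-C"):
            fields.add((opt, val))       # all -F/-C tests are ANDed together
        elif opt == "-S":
            syscalls.update(val.split(","))
        elif opt == "-k":
            keys.add(val)
        else:
            raise ValueError("unsupported option: " + opt)
    return action, frozenset(fields), frozenset(syscalls), frozenset(keys)

def same_ruleset(a, b):
    # Assumption: order between lines is ignored, fine for these "always" rules.
    return {canonical(r) for r in a} == {canonical(r) for r in b}

# The two forms quoted in the issue.
MODULE_FORM = [
    "-a always,exit -F arch=b32 -C euid!=uid -F auid!=unset -S execve -k user_emulation",
    "-a always,exit -F arch=b64 -C euid!=uid -F auid!=unset -S execve -k user_emulation",
]
SCANNER_FORM = [
    "-a always,exit -F arch=b32 -S execve -C euid!=uid -F auid!=unset -k user_emulation",
    "-a always,exit -F arch=b64 -S execve -C euid!=uid -F auid!=unset -k user_emulation",
]
# Constructed sample: same rules with the auid!=unset test dropped.
WEAKENED = [r.replace(" -F auid!=unset", "") for r in MODULE_FORM]

if __name__ == "__main__":
    print("module vs scanner form equal:", same_ruleset(MODULE_FORM, SCANNER_FORM))
    print("module vs weakened equal:   ", same_ruleset(MODULE_FORM, WEAKENED))
```

A check built this way still fails a rule that is missing a test, as the `WEAKENED` sample shows, while accepting either option order.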