Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rule configure_bashrc_tmux fails after hardening/installation #11569

Closed
jan-cerny opened this issue Feb 9, 2024 · 2 comments
Closed

Rule configure_bashrc_tmux fails after hardening/installation #11569

jan-cerny opened this issue Feb 9, 2024 · 2 comments
Assignees
@mildas
Labels
productization-issue Issue found in upstream stabilization process. RHEL9 Red Hat Enterprise Linux 9 product related. STIG STIG Benchmark related.
Milestone
0.1.73

Comments

@jan-cerny
Copy link
Collaborator

jan-cerny commented Feb 9, 2024
edited
Loading

Description of problem:

The rule configure_bashrc_tmux fails in the daily productization tests in these tests:

  • /CoreOS/scap-security-guide/hardening/oscap/stig
  • /CoreOS/scap-security-guide/hardening/host-os/oscap/stig
  • /CoreOS/scap-security-guide/hardening/oscap/with-gui/stig_gui

SCAP Security Guide Version:

current upstream master as of 2024-02-08 as of HEAD as of 8734eed

Operating System Version:

RHEL 9 (RHEL-9.4.0-updates-20240208.39)

Steps to Reproduce:

  1. oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig --progress --remediate --report /var/tmp/contest-hardening-host-os-oscap-stig/remediation.html /var/tmp/contest-hardening-host-os-oscap-stig/modified_datastream.xml

Actual Results:

xccdf_org.ssgproject.content_rule_configure_bashrc_tmux:fail

Expected Results:

xccdf_org.ssgproject.content_rule_configure_bashrc_tmux:pass

Additional Information/Debugging Steps:

The problem can be related to the fact that package_tmux_installed is fail during the initial scan therefore the configure_bashrc_tmux is notapplicable during the initial scan, so the remediation installs tmux but doesn't remediate configure_bashrc_tmux but that rule becomes applicable during the final scan and fails.

related to: #11561
@jan-cerny jan-cerny added productization-issue Issue found in upstream stabilization process. RHEL9 Red Hat Enterprise Linux 9 product related. STIG STIG Benchmark related. labels Feb 9, 2024
@jan-cerny jan-cerny added this to the 0.1.73 milestone Feb 9, 2024
jan-cerny added a commit to jan-cerny/contest that referenced this issue Feb 9, 2024
@jan-cerny
Update waivers for configure_bashrc_tmux
6fe25d4 
After merging ComplianceAsCode/content#11561,
the rule configure_bashrc_tmux is included in RHEL 9 STIG, therefore,
the waiver applicability should be extended to RHEL 9.
This problem has been reported by:
ComplianceAsCode/content#11569
@jan-cerny jan-cerny mentioned this issue Feb 9, 2024
Merged
@jan-cerny
Copy link
Collaborator Author

We have opened a PR to change waivers in contest: RHSecurityCompliance/contest#99

comps pushed a commit to RHSecurityCompliance/contest that referenced this issue Feb 9, 2024
@jan-cerny @comps
Update waivers for configure_bashrc_tmux
1960bc9 
After merging ComplianceAsCode/content#11561,
the rule configure_bashrc_tmux is included in RHEL 9 STIG, therefore,
the waiver applicability should be extended to RHEL 9.
This problem has been reported by:
ComplianceAsCode/content#11569
@mildas
Copy link
Contributor

mildas commented Feb 12, 2024

Closing, it's issue in openscap OpenSCAP/openscap#1880

@mildas mildas closed this as completed Feb 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mildas mildas

Labels
productization-issue Issue found in upstream stabilization process. RHEL9 Red Hat Enterprise Linux 9 product related. STIG STIG Benchmark related.
Projects
None yet
Milestone
0.1.73
Development

No branches or pull requests
2 participants
@jan-cerny @mildas