Marcus Burghardt

Results 190 comments of Marcus Burghardt

The following rules are pending investigation:
- xccdf_org.ssgproject.content_rule_rpm_verify_hashes - fail
- xccdf_org.ssgproject.content_rule_rpm_verify_permissions - fail
- xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow - fail

> `audit_rules_usergroup_modification_shadow` - check https://bugzilla.redhat.com/show_bug.cgi?id=2119356 It might not be reproducible on a clean machine, you need a specific file to exist, see the BZ. There is a merged PR (#9463) mentioned in...

> Let's close this one and create focused issues depending on items left with unexpected failures. I quickly reviewed and it seems that all the mentioned rules were already tackled...

I looked at this rule now and there are more issues with the Bash remediation:
* It is not necessary to copy the zone file to /etc/firewalld in this case.
*...

Ok, as I understood, the OVAL check for the `mount_option_home_nodev` rule, which actually uses the `mount_option` template, is written in a way that the OpenSCAP scanner, during runtime, will use a...

> Hello, this looks reasonable. I have one point though: I don't think you can reuse the CCE identifier in this case. Excerpt from the project documentation: > > ```...

I rebased the PR and updated it:
- The CCEs from `account_passwords_pam_faillock_dir` were preserved and new CCEs were included in the `accounts_passwords_pam_faillock_dir` rule
- The release version in the deprecation...

> Thank you for updating the PR. I have some remarks:
>
> 1. Please remove STIG related parts of account_passwords_pam_faillock_dir, e.g. policy file, specific elements from the rule.yml, stigid...

The `testing-farm:centos-stream-9-x86_64` is failing with the `account_passwords_pam_faillock_dir`, which I believe shouldn't be tested anymore since it was replaced by `accounts_passwords_pam_faillock_dir`. I have to investigate this. Any hint is welcome!