RHEL-08-010162 removing krb5-workstation despite being version-compliant

Open GitYukari opened this issue 1 year ago • 0 comments

Description of problem:

https://www.stigviewer.com/stig/red_hat_enterprise_linux_8/2023-09-11/finding/V-230239

The above STIG states that the krb5-workstation package must not be installed on RHEL 8. However, it states in the check text:

If the system is a server or is utilizing krb5-workstation-1.17-18.el8.x86_64 or newer, this is Not Applicable.

The current implementation of this STIG for RHEL 8, and possibly other operating systems, is only checking the presence of krb5-workstation, and not the version. This is resulting in the removal of the package, even if it is compliant with the STIG. Obviously, this breaks Kerberos authentication.

The current version for RHEL 8 is 1.18.2-26. The required minimum version is 1.17-18. This check should mark this condition NA.

GitYukari, Mar 24 '24 23:03
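
The version-aware decision this issue asks for, as an added example (not code from the project the issue was filed against). It uses a simplified rpmvercmp-style comparison without tilde, caret or epoch handling; `finding_status`, `vercmp` and the `is_server` flag are hypothetical names, and the input is assumed to be the `VERSION-RELEASE` string of the installed package.

```python
import re

# Threshold taken from the check text quoted in the issue:
# krb5-workstation-1.17-18.el8 or newer is Not Applicable.
MIN_NA_VERSION, MIN_NA_RELEASE = "1.17", "18.el8"

def _segments(s):
    # Split into runs of digits or letters; separators such as "." are dropped.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def vercmp(a, b):
    """Return 1, 0 or -1, comparing segment by segment like rpmvercmp."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric compare, so 9 < 17
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alpha one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def finding_status(installed, is_server=False):
    """installed: None when the package is absent, else 'VERSION-RELEASE'.

    Returns 'not_applicable', 'pass' or 'fail'. Only 'fail' should ever
    lead a remediation to remove the package.
    """
    if is_server:
        return "not_applicable"
    if installed is None:
        return "pass"
    version, release = installed.rsplit("-", 1)
    # Compare version first; fall back to release only when versions tie.
    cmp = vercmp(version, MIN_NA_VERSION) or vercmp(release, MIN_NA_RELEASE)
    return "not_applicable" if cmp >= 0 else "fail"

if __name__ == "__main__":
    # Constructed sample inputs; 1.18.2-26 is the version named in the issue.
    for evr in ("1.18.2-26", "1.17-18.el8", "1.17-17.el8", None):
        print(evr, "->", finding_status(evr))
```

A presence-only check treats the first two inputs the same as the third, which is the behaviour the issue reports.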