content icon indicating copy to clipboard operation
content copied to clipboard
verified publisher icon ComplianceAsCode

PCI-DSS generated blueprint missing `firewalld` package

Open kingsleyzissou opened this issue 1 year ago • 0 comments

Description of problem:

The image builder blueprint generated content requires the firewalld service to be running but the package is not included in the list of packages to be installed on the image. This causes the image build to fail.

SCAP Security Guide Version:

0.1.72

Operating System Version:

Fedora 39

Steps to Reproduce:

  1. oscap xccdf generate fix --profile dss --fix-type blueprint /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml
  2. Examine the blueprints
  3. Build an image with the image builder tool

Actual Results:

Blueprint packages do not contain the firewalld package but have it listed as a service to be enabled.

Expected Results:

firewalld in the list of packages to be installed since it is enabled.

Additional Information/Debugging Steps:

kingsleyzissou avatar Apr 02 '24 15:04 kingsleyzissou