content icon indicating copy to clipboard operation
content copied to clipboard

Published 20 hours ago verified publisher icon ComplianceAsCode

RHEL8 OSPP - Rules missing `ospp` reference

Open mildas opened this issue 1 year ago • 1 comments

Description of problem:

During testing of missing references of rules, a huge list of ospp rules without ospp reference has been reported. List of ospp rules without reference:

  • mount_option_tmp_noexec
  • sysctl_net_ipv4_conf_all_accept_redirects
  • mount_option_dev_shm_noexec
  • sysctl_net_ipv4_ip_forward
  • mount_option_var_log_audit_noexec
  • accounts_password_pam_unix_remember
  • package_aide_installed
  • sysctl_net_ipv6_conf_default_accept_source_route
  • auditd_local_events
  • accounts_max_concurrent_login_sessions
  • configure_openssl_crypto_policy
  • accounts_umask_etc_csh_cshrc
  • package_libreport-plugin-rhtsupport_removed
  • openssl_use_strong_entropy
  • sysctl_net_ipv4_conf_default_accept_redirects
  • sysctl_net_ipv6_conf_all_accept_redirects
  • zipl_slub_debug_argument
  • mount_option_boot_nosuid
  • coredump_disable_backtraces
  • package_sendmail_removed
  • accounts_umask_etc_bashrc
  • mount_option_dev_shm_nosuid
  • mount_option_var_log_audit_nodev
  • package_rsyslog_installed
  • package_abrt-addon-ccpp_removed
  • sysctl_net_ipv4_conf_all_log_martians
  • grub2_page_poison_argument
  • sysctl_net_ipv6_conf_default_accept_redirects
  • kernel_module_sctp_disabled
  • package_nfs-utils_removed
  • package_abrt-cli_removed
  • kernel_module_cramfs_disabled
  • configure_libreswan_crypto_policy
  • auditd_data_retention_flush
  • ssh_client_use_strong_rng_sh
  • sysctl_net_ipv4_conf_all_rp_filter
  • sshd_enable_strictmodes
  • mount_option_home_nosuid
  • kernel_module_bluetooth_disabled
  • auditd_write_logs
  • package_policycoreutils-python-utils_installed
  • sysctl_kernel_unprivileged_bpf_disabled
  • sysctl_net_ipv4_icmp_echo_ignore_broadcasts
  • package_abrt-plugin-sosreport_removed
  • sysctl_net_ipv4_tcp_syncookies
  • coredump_disable_storage
  • partition_for_var_tmp
  • accounts_password_pam_maxclassrepeat
  • sysctl_fs_protected_hardlinks
  • ssh_client_use_strong_rng_csh
  • sysctl_fs_protected_symlinks
  • mount_option_var_log_nodev
  • mount_option_var_nodev
  • package_fapolicyd_installed
  • accounts_password_pam_difok
  • grub2_kernel_trust_cpu_rng
  • package_libreport-plugin-logger_removed
  • sysctl_kernel_kexec_load_disabled
  • kerberos_disable_no_keytab
  • mount_option_var_log_nosuid
  • sysctl_net_ipv4_conf_default_accept_source_route
  • sshd_set_keepalive_0
  • zipl_page_poison_argument
  • mount_option_var_tmp_noexec
  • mount_option_var_tmp_nosuid
  • package_dnf-automatic_installed
  • sysctl_kernel_core_pattern
  • package_krb5-workstation_removed
  • disable_users_coredumps
  • grub2_slub_debug_argument
  • sysctl_net_ipv4_conf_default_send_redirects
  • mount_option_nodev_nonroot_local_partitions
  • sysctl_kernel_yama_ptrace_scope
  • zipl_bootmap_is_up_to_date
  • partition_for_home
  • package_abrt_removed
  • mount_option_tmp_nosuid
  • sysctl_net_ipv4_icmp_ignore_bogus_error_responses
  • mount_option_var_tmp_nodev
  • mount_option_tmp_nodev
  • sysctl_net_ipv4_conf_default_secure_redirects
  • selinux_policytype
  • package_abrt-addon-kerneloops_removed
  • mount_option_home_nodev
  • sysctl_net_ipv4_conf_all_send_redirects
  • kernel_module_atm_disabled
  • partition_for_var_log
  • sysctl_net_ipv4_conf_default_log_martians
  • mount_option_var_log_noexec
  • package_gssproxy_removed
  • grub2_pti_argument
  • partition_for_var
  • configure_kerberos_crypto_policy
  • sysctl_net_ipv4_conf_all_accept_source_route
  • sysctl_net_ipv6_conf_all_accept_source_route
  • zipl_bls_entries_only
  • sysctl_net_core_bpf_jit_harden
  • mount_option_boot_nodev
  • kernel_module_firewire-core_disabled
  • chronyd_no_chronyc_network
  • securetty_root_login_console_only
  • sysctl_net_ipv4_conf_default_rp_filter
  • sysctl_net_ipv6_conf_all_accept_ra
  • package_policycoreutils_installed
  • accounts_umask_etc_profile
  • package_python3-abrt-addon_removed
  • sysctl_kernel_dmesg_restrict
  • sysctl_net_ipv6_conf_default_accept_ra
  • sysctl_net_ipv4_conf_all_secure_redirects
  • dnf-automatic_security_updates_only
  • sysctl_kernel_kptr_restrict
  • sshd_use_strong_rng
  • sshd_set_idle_timeout
  • selinux_state
  • package_iprutils_removed
  • configure_bind_crypto_policy
  • accounts_password_pam_maxrepeat
  • mount_option_dev_shm_nodev
  • package_usbguard_installed
  • mount_option_var_log_audit_nosuid

SCAP Security Guide Version:

master

Operating System Version:

RHEL8

mildas avatar Sep 25 '24 13:09 mildas

This seems to be an updated duplicate of #6842.

Mab879 avatar Sep 26 '24 16:09 Mab879

This is still an issue on RHEL-8, https://github.com/ComplianceAsCode/content/issues/6842 was closed because this issue exists.

comps avatar Sep 03 '25 12:09 comps

Due to the age of RHEL 8 this issue is being closed.

Mab879 avatar Oct 28 '25 14:10 Mab879