`logind_session_timeout` is misaligned with DISA

Open comps opened this issue 8 months ago • 1 comments

Description of problem:

The content is misaligned with external (third-party) content that targets the same policy - typically, this means that a system hardened by our content doesn't pass the scan by the external content.

Details:

This content is not aligned with content from DISA

The misalignment affects these profiles:

  • RHEL-9 STIG (probably?)

The misalignment affects these rules:

  • logind_session_timeout when used by anaconda / ansible / oscap

Contest prints out

SSG result: pass, DISA result(s): SV-258077r1014874_rule:fail

Outcome:

  • [ ] This project's content can be improved:
    • [ ] Check needs to be improved.
    • [ ] Remediation needs to be improved.
  • [ ] The external content's check is faulty - the other party needs to be notified, they have work to do.

SCAP Security Guide Version:

master @ 3d5431af1c621b67fb1fcb6f74f8e910f88875ec

External Content's Version:

Presumably the DISA profile(s) in master @ 3d5431af1c621b67fb1fcb6f74f8e910f88875ec

comps, Apr 24 '25 14:04

The reason is that our content requires 10 minutes but DISA's content requires a 15-minute timeout. I have found that we have lowered it to 10 minutes recently in https://github.com/ComplianceAsCode/content/pull/13347/commits/0a0fd0d59c1f808a018abcbdf92ce3f1d4edc15e. However, the STIG description still contains 15 minutes: https://stigaview.com/products/rhel9/v2r4/RHEL-09-412080/

jan-cerny, Apr 29 '25 08:04

Fixed by https://github.com/ComplianceAsCode/content/pull/13830

ggbecker, Oct 03 '25 17:10