content issues

Alinux 3 OpenSCAP scanning not working

10

#### Description of problem: All of the scan result using ssg-alinux3-xccdf.xml with profile xccdf_org.ssgproject.content_profile_cis resulting not applicable for all items. ![image](https://github.com/user-attachments/assets/71ef3e61-fd58-4885-b7fe-3a0c33512930) #### SCAP Security Guide Version: 0.1.74 #### Operating System...

blackbrownco

Alibaba Linux

File path inconsistent in accounts_umask_etc_bashrc

#### Description of problem: In rule accounts_umask_etc_bashrc on Fedora or RHEL the "/etc/bashrc" is configured but on other systems eg. Debian 12 the name of the file is "/etc/bash.bashrc". It...

jan-cerny

Debian

Ubuntu

Rule ensure_redhat_gpgkey_installed is evaluated as notchecked on RHEL-10

1

#### Description of problem: The rule `ensure_redhat_gpgkey_installed` evaluates as notchecked (No candidate or applicable check found) on RHEL-10 which when combined with other gpgcheck rules in SCAP profiles (`gpgcheck_globally_activated`, `gpgcheck_never_disabled`,...

matusmarhefka

RHEL10

Rule require_singleuser_auth fails to remediate on RHEL-10

#### Description of problem: Tested with OSPP profile. The rule `require_singleuser_auth` fix is unsuccessful. Scan after remediation fails because OVAL test `test_require_rescue_service` doesn't find expected `ExecStart` pattern in `/usr/lib/systemd/system/rescue.service` file....

matusmarhefka

RHEL10

Review packages in xwindows_remove_packages rule

#### Description of problem: The rule `xwindows_remove_packages` tries to remove the following packages: - xorg-x11-server-common - xorg-x11-server-utils - xorg-x11-server-Xorg - xorg-x11-server-Xwayland #### SCAP Security Guide Version: master branch as of...

marcusburghardt

RHEL

Oracle Linux

SLES

Update Rule

default branch name not inclusive

#### Description of problem: The default branch is currently "master" which is not inclusive with a majority of the public internet switching the default branch name to "main". Given the...

aghassemlouei

triaged

Review and fix sssd rules in ANSSI control file

7

#### Description: When reviewing #12351 I noticed some issues with `sssd` related rules. This PR: - Remove unnecessary steps in `sssd_enable_pam_services` bash remediation - Updates the `id_provider` value and fix...

marcusburghardt

bugfix

Test Suite

Bash

do-not-merge/work-in-progress

CPE-AL

Wrong usage of lineinfile template

1

The lineinfile template does not accept regex as input. https://github.com/ComplianceAsCode/content/blob/a6ff62a071070227558a308b201ff108f0ef6971/linux_os/guide/services/sssd/sssd_enable_certmap/rule.yml#L73

ggbecker

Ansible

OVAL

Bash

Missing referenced check files for RHEL 9 profile

1

#### Description of problem: When performing an evaluation as per below I receive an error :- oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_cis --results ssg-rhel9-ds.xml --report ssg-rhel9-level2-ds.html /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml OpenSCAP Error: Unable to...

yuljk

Add OL9 to xwindows_runlevel_target tests

1

#### Description: Add OL9 to xwindows_runlevel_target tests #### Rationale: Align OL9 STIG profile with DISA STIG OL9 V1R1

mrkanon

content
content copied to clipboard

Metadata

Alinux 3 OpenSCAP scanning not working

File path inconsistent in accounts_umask_etc_bashrc

Rule ensure_redhat_gpgkey_installed is evaluated as notchecked on RHEL-10

Rule require_singleuser_auth fails to remediate on RHEL-10

Review packages in xwindows_remove_packages rule

default branch name not inclusive

Review and fix sssd rules in ANSSI control file

Wrong usage of lineinfile template

Missing referenced check files for RHEL 9 profile

Add OL9 to xwindows_runlevel_target tests

← Metadata

Owner

Metadata

content content copied to clipboard

Metadata

← Metadata

Owner

Metadata

content
content copied to clipboard