content

content copied to clipboard

#### Description of problem: RHEL 9 - `fips_crypto_subpolicy` and `fips_custom_stig_sub_policy` expected notapplicable, scanner returned: fail RHEL 8, RHEL 10 - `fips_crypto_subpolicy` and expected notapplicable, scanner returned: fail #### SCAP Security...

Mab879

Select RHEL 10 Profiles are not install with their kickstarts

2

#### Description of problem: The following profile's kick starts fail to install with ` The installation was stopped due to an error which occurred while running in non-interactive cmdline mode....

Mab879

Rule sysctl_net_ipv4_conf_default_rp_filter is misaligned with DISA

1

#### Description of problem: DISA Misalignment for sysctl_net_ipv4_conf_default_rp_filter #### SCAP Security Guide Version: Current upstream master branch as of 2025-08-28 as of HEAD 2b6628c92d3d6b4cda2d2c7221abbf085f27368e #### Operating System Version: RHEL 9...

ggbecker

Consider checking kernel modules in run-time

2

#### Description of problem: Currently ([0.1.69](https://github.com/ComplianceAsCode/content/releases/tag/v0.1.69)) the `kernel_module_disabled` template, used by many rules checks the configuration files to ensure the module is persistently disabled. However, it is possible the module...

marcusburghardt

#### Description of problem: In the [Lab Exercise 2: Automated Security Scanning Using ComplianceAsCode](https://github.com/ComplianceAsCode/content/blob/master/docs/workshop/lab2_openscap.adoc#lab-exercise-2-automated-security-scanning-using-complianceascode), when you start a [Github Codespaces](https://github.com/ComplianceAsCode/content/blob/master/docs/workshop/lab2_openscap.adoc#github-codespaces) and select the branch `master` and the `ComplianceAsCode Workshop 2`...

Katawann

This issue is a follow-up to https://github.com/ComplianceAsCode/content/pull/13840 Basically, currently we have three rules which are located in the fips group and at the same time they are related to specific...

vojtapolasek

Debian 12: bad URL in the ANSSI guide

1

#### Description of problem: The linkchecker test uncovers a URL which returns 403. #### SCAP Security Guide Version: stabilization as of fd0ddbaf67dc4c2a5fc466982b5741d11ea8441c #### Operating System Version: tests run on Fedora...

vojtapolasek

Various "unowned" rules have broken `.fail.sh` unit tests

1

#### Description of problem: Something recently (1 day ago) broke these unit tests: ``` file_permissions_ungroupowned/unowned_file_tmp.fail file_permissions_unauthorized_world_writable/world_writable_tmp.fail no_files_unowned_by_user/unowned_file_tmp.fail ``` which are now unable to set up the test scenarios in a...

comps

Build and test AIDE database - test existence of operational aide database file - fails when file is present

1

#### Description of problem: Testing existence of operational aide database file oval:ssg-test_aide_operational_database_absolute_path:tst:1 false No items have been found conforming to the following objects: Object oval:ssg-object_aide_operational_database_absolute_path:obj:1 of type file_object Filepath Referenced...

gmisura

crypto-policies expects "DEFAULT" yet CIS Benchmark says "not LEGACY"

3

#### Description of problem: I hardened my AL2023 instance, including enabling FIPS and then ran the openSCAP audit. The audit says I failed the "Configure System Cryptography Policy" because /etc/crypto-policies/config...

gmisura