Jan Černý

This issue has been fixed or worked around by https://github.com/ComplianceAsCode/content/pull/13645. As of 2025-07-14, the issue doesn't appear in daily productization. Also, I can't reproduce it locally using autocontest. I used...

The rule `configure_crypto_policy` fails in test `/hardening/anaconda/ospp` on RHEL 8 because the OSPP profile requires the policy to be set to `FIPS:OSPP`, but the actual state of the policy is...

I have investigated the RHEL 8 STIG profile. I have used current upstream master as of 2025-02-06 as of HEAD 47fd3bcded59116ade8ea09eb396f363e37813d4. I have run the test `/hardening/anaconda/stig` on a remote...

The same problem situation happens also with rules sshd_ciphers_opensshserver_conf_crypto_policy and sshd_macs_opensshserver_conf_crypto_policy. But in these 2 rules there are addintionally 2 suspicious messages produced by remeditaion: harden_sshd_ciphers_opensshserver_conf_crypto_policy: ``` grep: [email protected],[email protected],aes256-ctr,aes128-ctr: invalid...

I think it can be related to https://issues.redhat.com/browse/RHEL-4722.

The other 2 rules (harden_sshd_macs_openssh_conf_crypto_policy and harden_sshd_ciphers_openssh_conf_crypto_policy) were removed this week from the RHEL 8 STIG profile. https://github.com/ComplianceAsCode/content/pull/12949

I confirm that with the current upstream master as of 2024-02-28 as of HEAD 5a8c0c92708125d4e2f9a091923937fffded0b68 the following rules fail the `/hardening/anaconda/stig` contest test on RHEL 8.10: - configure_gnutls_tls_crypto_policy - harden_sshd_ciphers_opensshserver_conf_crypto_policy...

marking as blocked on https://issues.redhat.com/browse/RHEL-4722

This issue is similar to https://github.com/ComplianceAsCode/content/issues/13552. The problem is that during the remediation the `groupadd` command isn't found and isnt' executed by the remediation. This issue is caused by a...

This issue has been fixed or worked around by https://github.com/ComplianceAsCode/content/pull/13645. As of 2025-07-14, the issue doesn't appear in daily productization. Also, I can't reproduce it locally using autocontest. I used...