inspec-profile-disa_stig-el7
inspec-profile-disa_stig-el7 copied to clipboard
simp
Review 71999
× V-71999: Vendor packaged system security patches and updates must be installed and up to date. × List of out-of-date packages undefined local variable or method `linux_update' for #RSpec::ExampleGroups::ListOfOutOfDatePackages:0x0000000009aca568
undefined local variable or method `linux_update' for #<RSpec::ExampleGroups::ListOfOutOfDatePackages:0x0000000006d3bf70>
× V-72001: The system must not have unnecessary accounts. (2 failed)
× /etc/passwd users should be in "root", "bin", "daemon", "adm", "lp", "sync", "shutdown", "halt", "mail", "operator", "nobody", "systemd-bus-proxy", "systemd-network", "dbus", "polkitd", "tss", "postfix", "chrony", "sshd", "sssd", "rpc", "ntp", "vboxadd", "nfsnobody", "vagrant", and "rpcuser"
expected ["root", "bin", "daemon", "adm", "lp", "sync", "shutdown", "halt", "mail", "operator", "games", "ftp", "nobody", "systemd-network", "dbus", "polkitd", "rpc", "rpcuser", "nfsnobody", "sshd", "postfix", "chrony", "vagrant", "vboxadd"] to be in the list: ["root", "bin", "daemon", "adm", "lp", "sync", "shutdown", "halt", "mail", "operator", "nobody", "systemd-bus-proxy", "systemd-network", "dbus", "polkitd", "tss", "postfix", "chrony", "sshd", "sssd", "rpc", "ntp", "vboxadd", "nfsnobody", "vagrant", "rpcuser"]
Diff:
["games", "ftp"]
× /etc/passwd users should not be in "games", "gopher", and "ftp"
expected ["root", "bin", "daemon", "adm", "lp", "sync", "shutdown", "halt", "mail", "operator", "games", "ftp", "nobody", "systemd-network", "dbus", "polkitd", "rpc", "rpcuser", "nfsnobody", "sshd", "postfix", "chrony", "vagrant", "vboxadd"] not to be in the list: ["games", "gopher", "ftp"]
Comm:
["games", "ftp"]
I was able to replicate this. It doesn't look like much has change in V-71999 or linux_updates.rb in a long time. I also noticed if I get remove the describe.one construct, it works. @aaronlippold does it work if you remove the describe.one construct too?
