Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chronyd_or_ntpd_set_maxpoll fails after RHEL 7 STIG remediation #12035

Closed
jan-cerny opened this issue May 29, 2024 · 2 comments
Closed

chronyd_or_ntpd_set_maxpoll fails after RHEL 7 STIG remediation #12035

jan-cerny opened this issue May 29, 2024 · 2 comments
Assignees
@vojtapolasek
Labels
productization-issue Issue found in upstream stabilization process. RHEL7 Red Hat Enterprise Linux 7 product related. STIG STIG Benchmark related.

Comments

@jan-cerny
Copy link
Collaborator

Description of problem:

Rule chronyd_or_ntpd_set_maxpoll fails in Contest test /hardening/host-os/oscap/stig on RHEL 7.

SCAP Security Guide Version:

current upstream master as of 2024-05-29 as of HEAD 4cddad2

Operating System Version:

RHEL-7.9-20240526.n.0

Steps to Reproduce:

  1. oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig --progress --report /var/tmp/contest-hardening-host-os-oscap-stig/remediation.html --remediate /var/tmp/contest-hardening-host-os-oscap-stig/remediation-ds.xml

Actual Results:

error, rule fails after remediation

Expected Results:

rule passes after remediation

Additional Information/Debugging Steps:

Probably caused by #11958
@jan-cerny jan-cerny added productization-issue Issue found in upstream stabilization process. RHEL7 Red Hat Enterprise Linux 7 product related. STIG STIG Benchmark related. labels May 29, 2024
jan-cerny added a commit to jan-cerny/contest that referenced this issue May 29, 2024
@jan-cerny
Add a waiver for #12035
ee9b765 
chronyd_or_ntpd_set_maxpoll
ComplianceAsCode/content#12035
@jan-cerny jan-cerny mentioned this issue May 29, 2024
Merged
comps pushed a commit to RHSecurityCompliance/contest that referenced this issue May 29, 2024
@jan-cerny @comps
Add a waiver for #12035
8fcfd4f 
chronyd_or_ntpd_set_maxpoll
ComplianceAsCode/content#12035
@vojtapolasek vojtapolasek self-assigned this May 30, 2024
@vojtapolasek
Copy link
Collaborator

I can't reproduce it in local VM.It might have to do something with the Contest environment.

@jan-cerny
Copy link
Collaborator Author

jan-cerny commented Jun 3, 2024
edited
Loading

This issue affects only RHEL 7. But, RHEL 7 end of maintenance is on 2024-06-30 which is sooner than the next upstream release. That means that any fix for this issue wouldn't get to RHEL 7. Therefore I prefer not spending time here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vojtapolasek vojtapolasek

Labels
productization-issue Issue found in upstream stabilization process. RHEL7 Red Hat Enterprise Linux 7 product related. STIG STIG Benchmark related.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vojtapolasek @jan-cerny