mount_option_dev_shm_noexec fails after remediation #10391

Closed
Mab879 opened this issue Mar 29, 2023 · 3 comments · Fixed by #10432
Labels:

  - productization-issue: Issue found in upstream stabilization process.
  - RHEL7: Red Hat Enterprise Linux 7 product related.
  - RHEL8: Red Hat Enterprise Linux 8 product related.
  - RHEL9: Red Hat Enterprise Linux 9 product related.

Comments

@Mab879
Member

Mab879 commented Mar 29, 2023

Description of problem:

SCAP Security Guide Version:

e544b52

Operating System Version:

RHEL 8.8
RHEL 9.2
RHEL 7.9

Steps to Reproduce:

  1. Install RHEL 8 with a GUI using the OSPP or STIG profile

Actual Results:

mount_option_dev_shm_noexec fails

Expected Results:

mount_option_dev_shm_noexec passes

Additional Information/Debugging Steps:

None

Mab879 added the productization-issue, RHEL8 and RHEL9 labels Mar 29, 2023
evgenyz self-assigned this Apr 3, 2023
@marcusburghardt
Member

It is also failing in RHEL7.9

evgenyz added the RHEL7 label Apr 5, 2023
@evgenyz
Member

evgenyz commented Apr 5, 2023

As far as I can see the rule mount_option_dev_shm_noexec is not selected in RHEL9 OSPP or STIG profiles. This is strange.

@Mab879
Member Author

Mab879 commented Apr 5, 2023

./automatus.py rule --libvirt qemu:///system automatus_rhel_9_3 --datastream ./build/ssg-rhel9-ds.xml --remediate-using ansible mount_option_dev_shm_noexec
Setting console output to log level INFO
INFO - The base image option has not been specified, choosing libvirt-based test environment.
INFO - Logging into /home/mburket/code/ComplianceAsCode/content/tests/logs/rule-custom-2023-04-05-0832/test_suite.log
INFO - xccdf_org.ssgproject.content_rule_mount_option_dev_shm_noexec
INFO - Script runtime.pass.sh using profile (all) OK
INFO - Script separate.pass.sh using profile (all) OK
INFO - Script fstab.fail.sh using profile (all) OK
ERROR - Rule evaluation resulted in fail, instead of expected pass during final stage 
ERROR - The check after remediation failed for rule 'xccdf_org.ssgproject.content_rule_mount_option_dev_shm_noexec'.
INFO - Script no_partition.fail.sh using profile (all) OK

Seems to be a better reproducer.
