Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rules failing as misaligned with DISA #11105

Closed
cortesana opened this issue Sep 8, 2023 · 5 comments · Fixed by #11163
Closed

Rules failing as misaligned with DISA #11105

cortesana opened this issue Sep 8, 2023 · 5 comments · Fixed by #11163
Assignees
@ggbecker
Labels
productization-issue Issue found in upstream stabilization process. RHEL7 Red Hat Enterprise Linux 7 product related.

Comments

@cortesana
Copy link
Contributor

cortesana commented Sep 8, 2023
edited
Loading

Description of problem:

The display_login_attempts rule and the audit_rules_login_events_faillock rule are failing checks due to misalignments with DISA in the following tests:

  • disa-content-alignment-remediations Bash (GUI)
  • disa-content-alignment-remediations Ansible (GUI)
  • disa-content-alignment-remediations Ansible
  • disa-content-alignment-remediations Bash
  • disa-content-alignment-kickstart (GUI)
  • disa-content-alignment-kickstart

SCAP Security Guide Version:

Current upstream master branch as of 2023-09-04

Operating System Version:

RHEL 7

Steps to Reproduce:

  1. compare_results.py ssg-stig-viewer.xml disa-xccdf-arf-results.xml

Actual Results:

[   FAIL   ] :: Misalignments not passing after waiving:
  CCE-27275-7 SV-86899 - SV-204605r858478_rule display_login_attempts                                                     pass - fail
  CCE-80383-3 CCE-80383-3 - SV-204540r853930_rule audit_rules_login_events_faillock

Expected Results:

No rules are misaligned after waiving.

Additional Information/Debugging Steps:
@cortesana cortesana added productization-issue Issue found in upstream stabilization process. RHEL7 Red Hat Enterprise Linux 7 product related. labels Sep 8, 2023
@marcusburghardt
Copy link
Member

Regarding the display_login_attempts rule, it is probably related to #9031.

The rule is correct but STIG description needs to be updated.

@marcusburghardt
Copy link
Member

I don't see results about the audit_rules_login_events_faillock rule. Which one is failing or passing?

@jan-cerny
Copy link
Collaborator

This issue is still present in the latest productization run on RHEL 7.9 using scap-security-guide built from the latest master as of 2023-09-09 as of HEAD 7c741f2

@jan-cerny
Copy link
Collaborator

@marcusburghardt In my run the audit_rules_login_events_faillock is passing in SSG but xccdf_mil.disa.stig_rule_SV-204540r853930_rule is failing in DISA.

@marcusburghardt
Copy link
Member

Still present in last productization review.

@ggbecker ggbecker mentioned this issue Oct 2, 2023
Merged
@mildas mildas mentioned this issue Oct 12, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ggbecker ggbecker

Labels
productization-issue Issue found in upstream stabilization process. RHEL7 Red Hat Enterprise Linux 7 product related.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Select the var_accounts_passwords_pam_faillock_dir=run in RHEL7 profiles ggbecker/content
4 participants
@marcusburghardt @jan-cerny @ggbecker @cortesana