Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RHEL9 profiles have rules to disable non-existent services #11341

Closed
14 tasks
evgenyz opened this issue Dec 5, 2023 · 0 comments · Fixed by #11367
Closed
14 tasks

RHEL9 profiles have rules to disable non-existent services #11341

evgenyz opened this issue Dec 5, 2023 · 0 comments · Fixed by #11367
Assignees
@Mab879
Labels
BLOCKER Impediments to release, like failure to build content, or content built is out of standard's syntax Blueprint Image Builder Blueprint remediation update. osbuild Related in some way to Image Builder. RHEL9 Red Hat Enterprise Linux 9 product related.
Milestone
0.1.72

Comments

@evgenyz
Copy link
Member

evgenyz commented Dec 5, 2023

Description of problem:

Some RHEL9 profiles try to disable non-existent services which leads to IB's inability of building the image.

  • service_squid_disabled
    • ISM-O
    • E8
  • service_telnet_disabled
    • ISM-O
    • E8
    • HIPAA
  • service_xinetd_disabled
    • ISM-O
    • E8
    • HIPAA
  • service_avahi-daemon_disabled
    • ISM-O
    • E8
  • service_rlogin_disabled
    • HIPAA
  • service_autofs_disabled
    • HIPAA
    • STIG
  • service_snmpd_disabled
    • ISM-O

SCAP Security Guide Version:

master

Operating System Version:

RHEL9

Steps to Reproduce:

  1. Try to harden an IB RHEL9 image using E8 profile.

Actual Results:

Image fails to be built.

Expected Results:

Image is built.
@evgenyz evgenyz added BLOCKER Impediments to release, like failure to build content, or content built is out of standard's syntax RHEL9 Red Hat Enterprise Linux 9 product related. Blueprint Image Builder Blueprint remediation update. offline Issues or features of the content related to the OpenSCAP's 'offline' mode osbuild Related in some way to Image Builder. and removed offline Issues or features of the content related to the OpenSCAP's 'offline' mode labels Dec 5, 2023
@evgenyz evgenyz added this to the 0.1.72 milestone Dec 5, 2023
@Mab879 Mab879 self-assigned this Dec 7, 2023
@Mab879 Mab879 mentioned this issue Dec 8, 2023
Merged
@evgenyz evgenyz mentioned this issue Feb 14, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Mab879 Mab879

Labels
BLOCKER Impediments to release, like failure to build content, or content built is out of standard's syntax Blueprint Image Builder Blueprint remediation update. osbuild Related in some way to Image Builder. RHEL9 Red Hat Enterprise Linux 9 product related.
Projects
None yet
Milestone
0.1.72
Development

Successfully merging a pull request may close this issue.

Fix Service Applicability for RHEL 9 Profiles Mab879/content
2 participants
@Mab879 @evgenyz