Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

accounts_umask_etc_bashrc is misaligned with DISA #11700

Closed
jan-cerny opened this issue Mar 13, 2024 · 1 comment · Fixed by #11822
Closed

accounts_umask_etc_bashrc is misaligned with DISA #11700

jan-cerny opened this issue Mar 13, 2024 · 1 comment · Fixed by #11822
Assignees
@vojtapolasek
Labels
productization-issue Issue found in upstream stabilization process. RHEL9 Red Hat Enterprise Linux 9 product related. STIG STIG Benchmark related.

Comments

@jan-cerny
Copy link
Collaborator

Description of problem:

accounts_umask_etc_bashrc is misaligned with DISA

Details:

DISA's rule marks this line in /etc/bashrc as offending:

[ `umask` -eq 0 ] && umask 022

But this line is a part of block of code under condition for non-login shells so I think this line shouldn't be flagged.

Outcome:

SSG result: pass
DISA result: fail

The issue is present in these test variants:

  • oscap
  • ansible
  • anaconda

SCAP Security Guide Version:

Current upstream master as of 2024-03-12 as of HEAD cbbca44.

External Content's Version:

DISA STIG RHEL 9 V1R1
@jan-cerny jan-cerny added productization-issue Issue found in upstream stabilization process. RHEL9 Red Hat Enterprise Linux 9 product related. STIG STIG Benchmark related. labels Mar 13, 2024
@Mab879
Copy link
Member

Mab879 commented Apr 12, 2024

This needs more investigation. The check DISA is doing is following the letter of the check.
See https://stigaview.com/products/rhel9/v1r2/RHEL-09-412055/

@vojtapolasek vojtapolasek self-assigned this Apr 15, 2024
@vojtapolasek vojtapolasek mentioned this issue Apr 16, 2024
Merged
marcusburghardt added a commit to marcusburghardt/contest that referenced this issue Apr 26, 2024
@marcusburghardt
DISA misalignment fixed
745b251 
- ComplianceAsCode/content#11700
- ComplianceAsCode/content#11822
comps pushed a commit to RHSecurityCompliance/contest that referenced this issue Apr 26, 2024
@marcusburghardt @comps
DISA misalignment fixed
1506bcf 
- ComplianceAsCode/content#11700
- ComplianceAsCode/content#11822
@jan-cerny jan-cerny mentioned this issue May 6, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vojtapolasek vojtapolasek

Labels
productization-issue Issue found in upstream stabilization process. RHEL9 Red Hat Enterprise Linux 9 product related. STIG STIG Benchmark related.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

accounts_umask_etc_bashrc: extend handled cases of umask vojtapolasek/content
3 participants
@Mab879 @vojtapolasek @jan-cerny