Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RHEL8 STIG - Rules missing identifiers #12421

Closed
mildas opened this issue Sep 25, 2024 · 5 comments · Fixed by #12446
Closed

RHEL8 STIG - Rules missing identifiers #12421

mildas opened this issue Sep 25, 2024 · 5 comments · Fixed by #12446
Assignees
@Mab879
Labels
RHEL8 Red Hat Enterprise Linux 8 product related. STIG STIG Benchmark related.

Comments

@mildas
Copy link
Contributor

mildas commented Sep 25, 2024
edited
Loading

Description of problem:

Each STIG rule should have CCI, SRG, and STIGID references, but during testing I have discovered these missing:

List of rules missing CCI reference:

  • package_postfix_installed - missing CCI
  • enable_authselect - missing STIG ID

SCAP Security Guide Version:

master

Operating System Version:

RHEL 8
@mildas mildas added RHEL8 Red Hat Enterprise Linux 8 product related. STIG STIG Benchmark related. labels Sep 25, 2024
@Mab879 Mab879 self-assigned this Sep 27, 2024
@Mab879
Copy link
Member

Mab879 commented Sep 27, 2024

May be solved by #12374

@mildas mildas changed the title RHEL8 STIG - Rules missing CCI RHEL8 STIG - Rules missing identifiers Sep 30, 2024
@mildas
Copy link
Contributor Author

mildas commented Sep 30, 2024

@Mab879 tested latest master and most of CCI are there. However, I've discovered 2 missing identifiers in STIG rules. See updated issue description

@Mab879
Copy link
Member

Mab879 commented Sep 30, 2024

enable_authselect missing a STIG ID is expected.

Mab879 added a commit to Mab879/content that referenced this issue Sep 30, 2024
@Mab879
Add CCI to package_postfix_installed
3f6361f 
Fixes ComplianceAsCode#12421
@Mab879 Mab879 mentioned this issue Sep 30, 2024
Merged
@mildas
Copy link
Contributor Author

mildas commented Oct 1, 2024

Could you provide context for expected no STIG ID for enable_authselect? So I have reasoning for permanent waiver

@Mab879
Copy link
Member

Mab879 commented Oct 1, 2024

There is no rule in the STIG for enabling authselect, but that rule is needed so our other authselect rules work.

jan-cerny pushed a commit to jan-cerny/scap-security-guide that referenced this issue Oct 11, 2024
@Mab879 @jan-cerny
Add CCI to package_postfix_installed
d35ddb8 
Fixes ComplianceAsCode#12421
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Mab879 Mab879

Labels
RHEL8 Red Hat Enterprise Linux 8 product related. STIG STIG Benchmark related.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add CCI to package_postfix_installed Mab879/content
2 participants
@Mab879 @mildas