2018-01-23 17:23 UTC

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0014319CentOS-7openscappublic2018-01-02 18:35
Reporterjwc 
PrioritynormalSeverityminorReproducibilityalways
StatusnewResolutionopen 
Product Version7.4.1708 
Target VersionFixed in Version 
Summary0014319: oscap fails to apply correct server hardening implementation for DISA selection in secuity profile
DescriptionWhen applying the DISA security profile, (stig-rhel7-disa) via anaconda during buile or just trying to scan using the ssg-centos7-xccdf.xml file the required hardening is not applied. A large number of items that should be required are marked as notapplicable.

This all worked good with CentOS 7.3.1611.

You can still build a server with 7.3.1611 and then upgrade 7.4 to get the desired hardening but all attempts with 7.4.1708 fail to apply same standards.
Steps To ReproduceEither build a server with the DISA (stig-rhel7-disa) security profile, or run the oscap eval xccdf using ssg-centos7-xccdf.xml against a server that has the profile applied.
Additional InformationIt appears updates were made to the openscap package that change the profiles available from :
stig-rhel7-workstation-upstream
stig-rhel7-server-gui-upstream
stig-rhel7-server-upstream
       to only :
stig-rhel7-disa

causing the interpretation of the xml file to fail, ignoring items that should be set to comply with the standards.
TagsNo tags attached.
abrt_hash
URL
Attached Files

-Relationships
+Relationships

-Notes
There are no notes attached to this issue.
+Notes

-Issue History
Date Modified Username Field Change
2018-01-02 18:35 jwc New Issue
+Issue History