View Issue Details

IDProjectCategoryView StatusLast Update
0014319CentOS-7openscappublic2018-09-13 15:55
Status newResolutionopen 
Product Version7.4.1708 
Target VersionFixed in Version 
Summary0014319: oscap fails to apply correct server hardening implementation for DISA selection in secuity profile
DescriptionWhen applying the DISA security profile, (stig-rhel7-disa) via anaconda during buile or just trying to scan using the ssg-centos7-xccdf.xml file the required hardening is not applied. A large number of items that should be required are marked as notapplicable.

This all worked good with CentOS 7.3.1611.

You can still build a server with 7.3.1611 and then upgrade 7.4 to get the desired hardening but all attempts with 7.4.1708 fail to apply same standards.
Steps To ReproduceEither build a server with the DISA (stig-rhel7-disa) security profile, or run the oscap eval xccdf using ssg-centos7-xccdf.xml against a server that has the profile applied.
Additional InformationIt appears updates were made to the openscap package that change the profiles available from :
       to only :

causing the interpretation of the xml file to fail, ignoring items that should be set to comply with the standards.
TagsNo tags attached.


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2018-01-02 18:35 jwc New Issue