|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0014319||CentOS-7||openscap||public||2018-01-02 18:35||2018-01-02 18:35|
|Target Version||Fixed in Version|
|Summary||0014319: oscap fails to apply correct server hardening implementation for DISA selection in secuity profile|
|Description||When applying the DISA security profile, (stig-rhel7-disa) via anaconda during buile or just trying to scan using the ssg-centos7-xccdf.xml file the required hardening is not applied. A large number of items that should be required are marked as notapplicable.|
This all worked good with CentOS 7.3.1611.
You can still build a server with 7.3.1611 and then upgrade 7.4 to get the desired hardening but all attempts with 7.4.1708 fail to apply same standards.
|Steps To Reproduce||Either build a server with the DISA (stig-rhel7-disa) security profile, or run the oscap eval xccdf using ssg-centos7-xccdf.xml against a server that has the profile applied.|
|Additional Information||It appears updates were made to the openscap package that change the profiles available from :|
to only :
causing the interpretation of the xml file to fail, ignoring items that should be set to comply with the standards.
|Tags||No tags attached.|
|2018-01-02 18:35||jwc||New Issue|