Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CCE-88173-0 is notchecked by SSG, however for DISA STIG it fail #11802

Open
mildas opened this issue Apr 8, 2024 · 4 comments · Fixed by #11816
Open

CCE-88173-0 is notchecked by SSG, however for DISA STIG it fail #11802

mildas opened this issue Apr 8, 2024 · 4 comments · Fixed by #11816
Assignees
@Mab879 @marcusburghardt
Labels
blocked Issue that can't be fixed in content. productization-issue Issue found in upstream stabilization process. RHEL9 Red Hat Enterprise Linux 9 product related. STIG STIG Benchmark related.
Milestone
0.1.74

Comments

@mildas
Copy link
Contributor

mildas commented Apr 8, 2024

Description of problem:

The content is misaligned with an external (third party) content that targets the same policy - typically, this means that a system hardened by our content doesn't pass the scan by the external content.

Details:

Rule CCE-88173-0 which is auditd_audispd_configure_sufficiently_large_partition is notchecked (however, I see OVAL implemented) by our content. The equivalent rule in DISA STIG checks the requirement and results in fail.

Outcome:

SSG and DISA contents are aligned

SCAP Security Guide Version:

latest master

External Content's Version:

RHEL9 V1R2
@mildas mildas added productization-issue Issue found in upstream stabilization process. RHEL9 Red Hat Enterprise Linux 9 product related. STIG STIG Benchmark related. labels Apr 8, 2024
@ggbecker
Copy link
Member 

-   id: RHEL-09-653030
    levels:
        - medium
    title:
        RHEL 9 must allocate audit record storage capacity to store at least one
        week's worth of audit records.
    rules:
        - auditd_audispd_configure_sufficiently_large_partition

@Mab879
Copy link
Member

Mab879 commented Apr 12, 2024

Should be easy fix remove this:

content/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/oval/shared.xml

Line 1 in 093b315

{{% if target_oval_version >= [5, 11.2] %}}

@ggbecker
Copy link
Member

DISA SCAP RHEL9 content defines:

    <oval:schema_version>5.11.2</oval:schema_version>

https://github.com/ComplianceAsCode/content/blob/master/shared/references/disa-stig-rhel9-v1r1-xccdf-scap.xml#L16732

@Mab879 Mab879 mentioned this issue Apr 12, 2024
Merged
@Mab879 Mab879 self-assigned this Apr 12, 2024
@Mab879 Mab879 added this to the 0.1.73 milestone Apr 12, 2024
@marcusburghardt marcusburghardt mentioned this issue Apr 30, 2024
Merged
@marcusburghardt marcusburghardt self-assigned this Apr 30, 2024
@marcusburghardt
Copy link
Member

The PR #11816 solved this DISA misalignment issue but also revealed other issues related to OVAL version. Therefore, the change will be reverted by #11917 so we can better work in a long-term solution.

Once the #11917 is merged, this issue will be reopened while the #11891 will be closed.

@marcusburghardt marcusburghardt added the blocked Issue that can't be fixed in content. label Apr 30, 2024
@vojtapolasek vojtapolasek modified the milestones: 0.1.73, 0.1.74 Apr 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Mab879 Mab879

@marcusburghardt marcusburghardt

Labels
blocked Issue that can't be fixed in content. productization-issue Issue found in upstream stabilization process. RHEL9 Red Hat Enterprise Linux 9 product related. STIG STIG Benchmark related.
Projects
None yet
Milestone
0.1.74
5 participants
@Mab879 @vojtapolasek @marcusburghardt @mildas @ggbecker