CIS 1.3.1 Ensure AIDE is installed #11929

Open
marcofortina opened this issue May 2, 2024 · 4 comments
@marcofortina
Contributor

Description of problem:

Check for rule xccdf_org.ssgproject.content_rule_aide_build_database fails on Ubuntu 22.04.

SCAP Security Guide Version:

master branch

Operating System Version:

Ubuntu 22.04 LTS

Steps to Reproduce:

  1. Install AIDE: apt install aide aide-common
  2. Initialize AIDE: aideinit && mv /var/lib/aide/aide.db.new /var/lib/aide/aide.db
  3. Run SCAP: oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_cis_level2_server --rule xccdf_org.ssgproject.content_rule_aide_build_database ssg-ubuntu2204-ds.xml

Actual Results:

Title   Build and Test AIDE Database
Rule    xccdf_org.ssgproject.content_rule_aide_build_database
Result  fail

Expected Results:

Title   Build and Test AIDE Database
Rule    xccdf_org.ssgproject.content_rule_aide_build_database
Result  pass

Additional Information/Debugging Steps:

On Ubuntu 22.04, the database definition keyword in the /etc/aide/aide.conf file was changed from database=file:/var/lib/aide/aide.db to database_in=file:/var/lib/aide/aide.db.

Adding database=file:/var/lib/aide/aide.db to /etc/aide/aide.conf as a workaround gives this warning:

WARNING: /etc/aide/aide.conf:194: Using 'database' is DEPRECATED. Update your config and use 'database_in' instead (line: 'database=file:/var/lib/aide/aide.db')
@dodys
Contributor

dodys commented May 7, 2024

The database message is just a warning, and we are not yet planning to move to database_in now, as this is not backwards compatible and the warning doesn't prevent aide from working.

Regarding the fail, have you tried to use the bash remediation?

@dodys dodys added the Ubuntu Ubuntu product related. label May 7, 2024
@marcofortina
Contributor Author

> The database message is just a warning, and we are not yet planning to move to database_in now, as this is not backwards compatible and the warning doesn't prevent aide from working.
>
> Regarding the fail, have you tried to use the bash remediation?

Yes, of course I successfully used the bash remediation. My issue is only to track a wrong check for database= on Ubuntu 22.04 instead of the new database_in=, showing a false error where the workaround was not applied.

Is it not possible to use <% if "ubuntu2204" in product %> for this rule as a fix?

@dodys
Contributor

dodys commented May 7, 2024

not really a priority for us now, since database is still supported on 22.04
adding the checks would be required on bash, ansible, oval and rule.yml

@dodys
Contributor

dodys commented May 7, 2024

> not really a priority for us now, since database is still supported on 22.04
> adding the checks would be required on bash, ansible, oval and rule.yml

and a reminder that you would still need to keep compatibility to database as people might not have migrated to the new item.
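
The thread asks for a check that recognises database_in= on Ubuntu 22.04 while staying compatible with database=. A sketch of that lookup in shell, added here as an illustration and not ComplianceAsCode's own check or remediation; the function names, the root-prefix argument and the preference for database_in when both keywords appear are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not ComplianceAsCode code. Function names and the optional
# root-prefix argument are hypothetical.

# Print "<keyword> <path>" for the active AIDE input database setting.
# Assumption of this example: database_in wins when both keywords are present.
# Only the file: URL form is handled; @@{...} macros are not expanded.
aide_db_setting() {
    local conf=$1 key line
    for key in database_in database; do
        line=$(sed -nE "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*file:([^[:space:]]+).*$/${key} \1/p" "$conf" | tail -n 1)
        if [ -n "$line" ]; then
            printf '%s\n' "$line"
            return 0
        fi
    done
    return 1
}

# Pass (0) when the configured database exists and is non-empty.
# $2 is an optional root prefix so the check can run against a test tree.
aide_db_built() {
    local conf=$1 root=${2:-} setting
    setting=$(aide_db_setting "$conf") || return 1
    [ -s "${root}${setting#* }" ]
}

# Constructed sample tree: one config per keyword, one built database.
demo() {
    local t c
    t=$(mktemp -d)
    mkdir -p "$t/var/lib/aide"
    echo "constructed placeholder" > "$t/var/lib/aide/aide.db"
    printf '%s\n' '# database=file:/old/aide.db' \
        'database_in=file:/var/lib/aide/aide.db' \
        'database_out=file:/var/lib/aide/aide.db.new' > "$t/new.conf"
    printf '%s\n' 'database=file:/var/lib/aide/aide.db' > "$t/old.conf"
    for c in new.conf old.conf; do
        if aide_db_built "$t/$c" "$t"; then
            echo "$c: pass ($(aide_db_setting "$t/$c"))"
        else
            echo "$c: fail"
        fi
    done
    rm -rf "$t"
}
demo
```

Commented-out lines and database_out= are ignored, so a config that only defines the output database is reported as a fail.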
