test scenarios for firewalld_sshd_port_enabled are failing on RHEL 8.6 #11947

vojtapolasek · 2024-05-06T13:53:12Z

Description of problem:

There are test scenarios which should make the rule firewalld_sshd_port_enabled fail. But the rule passes when they are executed.

customized_zone_without_ssh.fail.sh
new_zone_without_ssh.fail.sh
only_nics_configured.fail.sh

SCAP Security Guide Version:

stabilization-v0.1.73, commit 0b096bc

Operating System Version:

RHEL 8.6

Steps to Reproduce:

./build_product rhel8
cd tests/
python automatus.py rule --libvirt qemu:///system <domain_name> --remediate-using ansible firewalld_sshd_port_enabled

Actual Results:

The scan after applying test scenarious should return "fail", but it returns "pass".

Expected Results:

The test scenario returns "fail" and the remediation is performed. The final result should be "pass".

Additional Information/Debugging Steps:

The --remediate-using does not play a role here as the problem appears after the first scan, before remediation.

The text was updated successfully, but these errors were encountered:

Mab879 · 2024-05-07T13:47:10Z

This might need a sometimes wavier.

Also needs more investigation from the testing env.

vojtapolasek · 2024-05-10T12:56:54Z

This manifested also in the second stabilization run.

Mab879 · 2024-05-10T14:04:19Z

Locally I can't reproduce.

$ ./automatus.py rule --datastream ../build/ssg-rhel8-ds.xml --remediate-using oscap  --libvirt qemu:///system automatus_rhel_8_6 firewalld_sshd_port_enabled 
Setting console output to log level INFO
INFO - The base image option has not been specified, choosing libvirt-based test environment.
INFO - Logging into /home/mburket/Developer/ComplianceAsCode/content/tests/logs/rule-custom-2024-05-10-0831/test_suite.log
INFO - xccdf_org.ssgproject.content_rule_firewalld_sshd_port_enabled
INFO - Script customized_zone_configured.pass.sh using profile (all) OK
INFO - Script customized_zone_without_ssh.fail.sh using profile (all) OK
INFO - Script new_zone_configured.pass.sh using profile (all) OK
INFO - Script new_zone_without_ssh.fail.sh using profile (all) OK
INFO - Script only_nics_configured.fail.sh using profile (all) OK
INFO - Script only_zones_configured.fail.sh using profile (all) OK
INFO - Script zones_and_nics_configured.pass.sh using profile (all) OK
INFO - Script zones_and_nics_ok_no_custom_files.pass.sh using profile (all) OK
INFO - Script zones_and_nics_ok_port_changed.pass.sh using profile (all) OK

mildas · 2024-05-23T08:16:20Z

All test scenarios for this rule pass on latest RHEL8. Moreover, 8.6 EUS ends in few weeks and no SSG updates there anymore. Thus, closing this issue.

vojtapolasek added the productization-issue Issue found in upstream stabilization process. label May 6, 2024

vojtapolasek added this to the 0.1.73 milestone May 6, 2024

Mab879 self-assigned this May 7, 2024

Mab879 removed their assignment May 10, 2024

Mab879 modified the milestones: 0.1.73, 0.1.74 May 16, 2024

mildas closed this as completed May 23, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

test scenarios for firewalld_sshd_port_enabled are failing on RHEL 8.6 #11947

test scenarios for firewalld_sshd_port_enabled are failing on RHEL 8.6 #11947

vojtapolasek commented May 6, 2024 •

edited

Mab879 commented May 7, 2024

vojtapolasek commented May 10, 2024

Mab879 commented May 10, 2024

mildas commented May 23, 2024

test scenarios for firewalld_sshd_port_enabled are failing on RHEL 8.6 #11947

test scenarios for firewalld_sshd_port_enabled are failing on RHEL 8.6 #11947

Comments

vojtapolasek commented May 6, 2024 • edited

Description of problem:

SCAP Security Guide Version:

Operating System Version:

Steps to Reproduce:

Actual Results:

Expected Results:

Additional Information/Debugging Steps:

Mab879 commented May 7, 2024

vojtapolasek commented May 10, 2024

Mab879 commented May 10, 2024

mildas commented May 23, 2024

vojtapolasek commented May 6, 2024 •

edited