Cloud Infrastructure Security & Compliance / CMP-3920

Rule rhcos4-sysctl-net-core-bpf-jit-harden reports state ERROR when the autoremediations are applied

      Steps to reproduce:

      1. Install CO 1.8.0 on OCP 4.20
      2. Create ssb with rhcos4-e8 profile and default scansetting
      3. Apply remediations
      4. Check the results of the following command:
         $ oc get ccr |grep sysctl-net-core-bpf-jit-harden

      After applying the autoremediation, the rule rhcos4-sysctl-net-core-bpf-jit-harden goes into ERROR state on a 4.20 cluster with CO 1.8.0 installed:

      $ oc get cr |grep sysctl-net-core-bpf-jit-harden
      rhcos4-e8-master-sysctl-net-core-bpf-jit-harden             NotApplied
      rhcos4-e8-worker-sysctl-net-core-bpf-jit-harden             NotApplied
      
      
      $ oc get ccr |grep sysctl-net-core-bpf-jit-harden
      rhcos4-e8-master-sysctl-net-core-bpf-jit-harden             FAIL     medium
      rhcos4-e8-worker-sysctl-net-core-bpf-jit-harden             FAIL     medium
      
      $ for i in `oc get cr -o=jsonpath={.items[*].metadata.name}`; do oc patch complianceremediations/$i --patch '{"spec": {"apply": true}}' --type=merge ; done
      ...
      complianceremediation.compliance.openshift.io/rhcos4-e8-master-sysctl-net-core-bpf-jit-harden patched
      complianceremediation.compliance.openshift.io/rhcos4-e8-worker-sysctl-net-core-bpf-jit-harden patched
      ...
      
      $ oc get cr |grep sysctl-net-core-bpf-jit-harden
      rhcos4-e8-master-sysctl-net-core-bpf-jit-harden             Applied
      rhcos4-e8-worker-sysctl-net-core-bpf-jit-harden             Applied
      
      $ oc get ccr |grep sysctl-net-core-bpf-jit-harden
      rhcos4-e8-master-sysctl-net-core-bpf-jit-harden             ERROR    medium
      rhcos4-e8-worker-sysctl-net-core-bpf-jit-harden             ERROR    medium

      Actual result: 

      $ oc get ccr |grep sysctl-net-core-bpf-jit-harden 
      rhcos4-e8-master-sysctl-net-core-bpf-jit-harden             ERROR    medium 
      rhcos4-e8-worker-sysctl-net-core-bpf-jit-harden             ERROR    medium

      Expected result: 

      $ oc get ccr |grep sysctl-net-core-bpf-jit-harden 
      rhcos4-e8-master-sysctl-net-core-bpf-jit-harden             PASS    medium 
      rhcos4-e8-worker-sysctl-net-core-bpf-jit-harden             PASS    medium 

              wenshen@redhat.com Vincent Shen
              rh-ee-akoudelk Anna Koudelkova
              Xiaojie Yuan Xiaojie Yuan
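
A check for the FAIL-to-ERROR transition this report describes, as an added example that is not part of the original issue or of the Compliance Operator: it compares saved `oc get ccr` rows from before and after remediation and lists every rule that did not reach PASS. The function name `ccr_regressions`, the file names and the header row in the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the issue): flag ComplianceCheckResults that are
# still not PASS after the remediations were applied.

# ccr_regressions BEFORE_FILE AFTER_FILE
# Each file holds saved `oc get ccr` rows: <name> <status> <severity>.
# Prints "<name> <old status> -> <new status>" for every rule whose
# post-remediation status is not PASS. Returns 1 if any were printed.
ccr_regressions() {
  awk '
    NF < 2 || $1 == "NAME" { next }          # skip blanks and header row
    FILENAME == ARGV[1] { before[$1] = $2; next }
    $2 != "PASS" {
      old = ($1 in before) ? before[$1] : "UNKNOWN"
      printf "%s %s -> %s\n", $1, old, $2
      bad = 1
    }
    END { exit bad + 0 }
  ' "$1" "$2"
}

# Constructed sample input: rows copied from the output in this report,
# with a header row added (assumed column names).
sample_dir=$(mktemp -d)
cat > "$sample_dir/before.txt" <<'EOF'
NAME                                              STATUS   SEVERITY
rhcos4-e8-master-sysctl-net-core-bpf-jit-harden   FAIL     medium
rhcos4-e8-worker-sysctl-net-core-bpf-jit-harden   FAIL     medium
EOF
cat > "$sample_dir/after.txt" <<'EOF'
NAME                                              STATUS   SEVERITY
rhcos4-e8-master-sysctl-net-core-bpf-jit-harden   ERROR    medium
rhcos4-e8-worker-sysctl-net-core-bpf-jit-harden   ERROR    medium
EOF

ccr_regressions "$sample_dir/before.txt" "$sample_dir/after.txt" ||
  echo "remediation did not bring every rule to PASS" >&2
```

Against a live cluster, the two files would be `oc get ccr` output saved before applying the remediations and again at step 4.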