- Bug
- Resolution: Done-Errata
- Undefined
- None
- 4.14
Description of problem:
The STIG profile is missing rules from CaC/content that fulfill requirements on the published STIG for OCP4. List of rules missing in the profile:
- ocp4-oauth-or-oauthclient-token-maxage
- rhcos4-audit-delete-failed
- rhcos4-audit-immutable-login-uids
- rhcos4-audit-rules-privileged-commands-pt-chown
- rhcos4-audit-rules-privileged-commands-write
- rhcos4-audit-rules-unsuccessful-file-modification-rename
- rhcos4-audit-rules-unsuccessful-file-modification-renameat
- rhcos4-audit-rules-unsuccessful-file-modification-unlink
- rhcos4-audit-rules-unsuccessful-file-modification-unlinkat
- rhcos4-configure-usbguard-auditbackend
- rhcos4-coreos-audit-backlog-limit-kernel-argument
- rhcos4-kernel-module-usb-storage
- rhcos4-kernel-module-usb-storage-disabled
- rhcos4-package-usbguard-installed
- rhcos4-service-sshd-disabled
- rhcos4-service-usbguard-enabled
- rhcos4-usbguard-allow-hid-and-hub
Version-Release number of selected component (if applicable):
v1.3.1
How reproducible:
Always
Steps to Reproduce:
1. Install Compliance Operator
2. Create a SSB with auto-remediation using STIG profile
Actual results:
The cluster doesn't satisfy some of STIG's requirements for which automation already exists.
Expected results:
The cluster satisfies STIG requirements that can be remediated via automation.
Additional info:
- is related to
  - CMP-2252 CNTR-OS-001010 - rule disable_SSHD_service is not included in the STIG profile (Closed)
- links to
  - RHBA-2024:129828 openshift-compliance-operator bug fix and/or enhancement update