Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-26193

The OCP4 STIG profile is missing existing rules from CaC/content

XMLWordPrintable

      Description of problem:

          The STIG profile is missing rules from CaC/content that fulfill requirements on the published STIG for OCP4.
      List of rules missing in the profile:
       - ocp4-oauth-or-oauthclient-token-maxage
       - rhcos4-audit-delete-failed
       - rhcos4-audit-immutable-login-uids
       - rhcos4-audit-rules-privileged-commands-pt-chown
       - rhcos4-audit-rules-privileged-commands-write
       - rhcos4-audit-rules-unsuccessful-file-modification-rename
       - rhcos4-audit-rules-unsuccessful-file-modification-renameat
       - rhcos4-audit-rules-unsuccessful-file-modification-unlink
       - rhcos4-audit-rules-unsuccessful-file-modification-unlinkat
       - rhcos4-configure-usbguard-auditbackend
       - rhcos4-coreos-audit-backlog-limit-kernel-argument
       - rhcos4-kernel-module-usb-storage
       - rhcos4-kernel-module-usb-storage-disabled
       - rhcos4-package-usbguard-installed
       - rhcos4-service-sshd-disabled
       - rhcos4-service-usbguard-enabled
       - rhcos4-usbguard-allow-hid-and-hub

      Version-Release number of selected component (if applicable):

          v1.3.1

      How reproducible:

          Always

      Steps to Reproduce:

          1. Install Compliance Operator
          2. Create a SSB with auto-remediation using STIG profile
      
          

      Actual results:

          The cluster doesn't satisfy some of STIG's requirements for which automation already exists.

      Expected results:

          The cluster satisfies STIG requirements that can be remediated via automation.

      Additional info:

          

            wsato@redhat.com Watson Sato
            wsato@redhat.com Watson Sato
            Xiaojie Yuan Xiaojie Yuan
            Votes:
            4 Vote for this issue
            Watchers:
            15 Start watching this issue

              Created:
              Updated:
              Resolved: