OpenShift Bugs: OCPBUGS-30912

compliance scan fails on file permissions mode 600 and no remediation is available



    Description

      Description of problem:

      Compliance scan fails. When the same TailoredProfile and ScanSettingBinding are used, the scan works on our end but not on the customer's (CU's) end.

      Version-Release number of selected component (if applicable):

      compliance operator     

      How reproducible:

      Apply the same TailoredProfile and ScanSettingBinding.

      Steps to Reproduce:

          1. Apply the TailoredProfile.
          2. Apply the ScanSettingBinding.

      Actual results:

      ocp4-cis-node-modified-master-file-permissions-controller-manager-kubeconfig        FAIL     medium
      ocp4-cis-node-modified-master-file-permissions-kube-controller-manager              FAIL     medium
      ocp4-cis-node-modified-master-file-permissions-scheduler-kubeconfig                 FAIL     medium
      ocp4-moderate-node-modified-master-file-permissions-controller-manager-kubeconfig   FAIL     medium
      ocp4-moderate-node-modified-master-file-permissions-kube-controller-manager         FAIL     medium
      ocp4-moderate-node-modified-master-file-permissions-scheduler-kubeconfig            FAIL     medium
      ocp4-pci-dss-node-modified-master-file-permissions-controller-manager-kubeconfig    FAIL     medium
      ocp4-pci-dss-node-modified-master-file-permissions-kube-controller-manager          FAIL     medium
      ocp4-pci-dss-node-modified-master-file-permissions-scheduler-kubeconfig             FAIL     medium    

      Expected results:

      ocp4-master-file-permissions-controller-manager-kubeconfig           PASS     medium
      ocp4-master-file-permissions-etcd-data-dir                           PASS     medium
      ocp4-master-file-permissions-etcd-data-files                         PASS     medium
      ocp4-master-file-permissions-etcd-member                             PASS     medium
      ocp4-master-file-permissions-etcd-pki-cert-files                     PASS     medium
      ocp4-master-file-permissions-kube-apiserver                          PASS     medium
      ocp4-master-file-permissions-kube-controller-manager                 PASS     medium
      ocp4-master-file-permissions-kubelet-conf                            PASS     medium
      ocp4-master-file-permissions-master-admin-kubeconfigs                PASS     medium
      ocp4-master-file-permissions-multus-conf                             PASS     medium
      ocp4-master-file-permissions-openshift-pki-cert-files                PASS     medium
      ocp4-master-file-permissions-openshift-pki-key-files                 PASS     medium
      ocp4-master-file-permissions-ovs-conf-db                             PASS     medium
      ocp4-master-file-permissions-ovs-conf-db-lock                        PASS     medium
      ocp4-master-file-permissions-ovs-pid                                 PASS     medium
      ocp4-master-file-permissions-ovs-sys-id-conf                         PASS     medium
      ocp4-master-file-permissions-ovs-vswitchd-pid                        PASS     medium
      ocp4-master-file-permissions-ovsdb-server-pid                        PASS     medium
      ocp4-master-file-permissions-scheduler                               PASS     medium
      ocp4-master-file-permissions-scheduler-kubeconfig                    PASS     medium
      ocp4-master-file-permissions-worker-ca                               PASS     medium
      ocp4-master-file-permissions-worker-kubeconfig                       PASS     medium
      ocp4-master-file-permissions-worker-service                          PASS     medium    

      Additional info:

      We have reproduced this issue on our end on OpenShift 4.12 and 4.14 with compliance-operator.v1.4.0, and all the scans passed, but on the customer's end the scans were failing.

      Tailor-Profile: https://one.redhat.com/attachment-viewer/viewer?caseNumber=03710574&uuid=382e9032-f00e-4b67-a558-75dda48684f8

          # apiVersion, kind and metadata added to complete the attached fragment;
          # the name is inferred from the ocp4-cis-node-modified-* check names above.
          apiVersion: compliance.openshift.io/v1alpha1
          kind: TailoredProfile
          metadata:
            name: ocp4-cis-node-modified
          spec:
            disableRules:
            - name: ocp4-file-permissions-cni-conf
              rationale: OCPBUGS-22995 - Rule ocp4-file-permissions-cni-conf returned a false
                negative result
            - name: ocp4-reject-unsigned-images-by-default
              rationale: Not Applicable
            extends: ocp4-cis-node
            title: ocp4-cis-node modified profile
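The CIS file-permission rules behind the failing checks are worded as "permissions set to 644 or more restrictive", so a file with mode 600 (the case in this bug's title) satisfies them: the test is that the file grants no permission bit beyond the maximum, not that the mode equals 644. The script below is an added example, not part of this bug report or of the Compliance Operator, that implements that comparison with shell arithmetic and runs it over constructed files in a temporary directory; the function names `perms_at_most`, `file_mode` and `check_file` and the sample file names are the example's own.

```shell
#!/bin/sh
# Added example: evaluate a file mode the way "644 or more restrictive" means it.
# Not taken from OCPBUGS-30912 or from the Compliance Operator's own checks.

# perms_at_most ACTUAL MAX -> exit 0 when ACTUAL sets no bit that MAX lacks.
# A leading 0 makes POSIX shell arithmetic parse the digits as octal; the AND
# with the complement of MAX isolates exactly the surplus bits.
perms_at_most() {
    actual=$1
    max=$2
    extra=$(( 0$actual & ~0$max ))
    [ "$extra" -eq 0 ]
}

# file_mode PATH -> prints the octal mode of PATH (GNU stat, BSD fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_file PATH MAX -> prints one line in the scan's PASS/FAIL style and
# returns 0 for PASS, 1 for FAIL, 2 if the file cannot be read.
check_file() {
    mode=$(file_mode "$1") || return 2
    if perms_at_most "$mode" "$2"; then
        printf '%s\t%s\tPASS\n' "$1" "$mode"
        return 0
    fi
    printf '%s\t%s\tFAIL\n' "$1" "$mode"
    return 1
}

# demo: constructed files (not real cluster paths) with modes 600, 644 and 664
# checked against a maximum of 644; only the 664 file should FAIL.
demo() {
    dir=$(mktemp -d)
    failed=0
    for m in 600 644 664; do
        : > "$dir/kubeconfig-$m"
        chmod "$m" "$dir/kubeconfig-$m"
        check_file "$dir/kubeconfig-$m" 644 || failed=$((failed + 1))
    done
    rm -rf "$dir"
    printf 'files failing the 644-or-more-restrictive check: %s\n' "$failed"
}

demo
```

To use `check_file` against real node files, run it from a debug shell on the node (`oc debug node/<name>` followed by `chroot /host`) with the path of the kubeconfig in question; a PASS for mode 600 there is the result the Compliance Operator check is expected to report.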

          People

            lbragsta@redhat.com Lance Bragstad
            rhn-support-msarage Manthan Sarage
            Xiaojie Yuan Xiaojie Yuan