Loading...

XML

Word

Printable

Type: Bug
Resolution: Cannot Reproduce
Priority: Critical
Fix Version/s: None
Affects Version/s: 4.12, 4.14
Component/s: Compliance Operator
Labels:

Regression:
No
Release Blocker:
Rejected
Blocked:
False
Blocked Reason:

Hide

None

Show
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Impact Score:
PX Scheduling Request:
PX Priority Data:
PX Impact Range:
PX Review Complete:
PX Technical Impact:

Description of problem:

Compiance scan fails, when same tailor profile and scansetitng bindings are use the scan works on our end but not on the CU's end

Version-Release number of selected component (if applicable):

compliance operator

How reproducible:

apply the same tailorprofile and scansetting binding

Steps to Reproduce:

    1. apply tailor-profile
    2. apply the scansetting binding

Actual results:

ocp4-cis-node-modified-master-file-permissions-controller-manager-kubeconfig        FAIL     medium
ocp4-cis-node-modified-master-file-permissions-kube-controller-manager              FAIL     medium
ocp4-cis-node-modified-master-file-permissions-scheduler-kubeconfig                 FAIL     medium
ocp4-moderate-node-modified-master-file-permissions-controller-manager-kubeconfig   FAIL     medium
ocp4-moderate-node-modified-master-file-permissions-kube-controller-manager         FAIL     medium
ocp4-moderate-node-modified-master-file-permissions-scheduler-kubeconfig            FAIL     medium
ocp4-pci-dss-node-modified-master-file-permissions-controller-manager-kubeconfig    FAIL     medium
ocp4-pci-dss-node-modified-master-file-permissions-kube-controller-manager          FAIL     medium
ocp4-pci-dss-node-modified-master-file-permissions-scheduler-kubeconfig             FAIL     medium

Expected results:

ocp4-master-file-permissions-controller-manager-kubeconfig           PASS     medium
ocp4-master-file-permissions-etcd-data-dir                           PASS     medium
ocp4-master-file-permissions-etcd-data-files                         PASS     medium
ocp4-master-file-permissions-etcd-member                             PASS     medium
ocp4-master-file-permissions-etcd-pki-cert-files                     PASS     medium
ocp4-master-file-permissions-kube-apiserver                          PASS     medium
ocp4-master-file-permissions-kube-controller-manager                 PASS     medium
ocp4-master-file-permissions-kubelet-conf                            PASS     medium
ocp4-master-file-permissions-master-admin-kubeconfigs                PASS     medium
ocp4-master-file-permissions-multus-conf                             PASS     medium
ocp4-master-file-permissions-openshift-pki-cert-files                PASS     medium
ocp4-master-file-permissions-openshift-pki-key-files                 PASS     medium
ocp4-master-file-permissions-ovs-conf-db                             PASS     medium
ocp4-master-file-permissions-ovs-conf-db-lock                        PASS     medium
ocp4-master-file-permissions-ovs-pid                                 PASS     medium
ocp4-master-file-permissions-ovs-sys-id-conf                         PASS     medium
ocp4-master-file-permissions-ovs-vswitchd-pid                        PASS     medium
ocp4-master-file-permissions-ovsdb-server-pid                        PASS     medium
ocp4-master-file-permissions-scheduler                               PASS     medium
ocp4-master-file-permissions-scheduler-kubeconfig                    PASS     medium
ocp4-master-file-permissions-worker-ca                               PASS     medium
ocp4-master-file-permissions-worker-kubeconfig                       PASS     medium
ocp4-master-file-permissions-worker-service                          PASS     medium

Additional info:

We have reproduced this issue on our end on Openshift V.4.12 and V.4.14 and compliance-operator.v1.4.0 and all the scans were passed but Customer's end the scans were failing

Tailor-Profile : [ https://one.redhat.com/attachment-viewer/viewer?caseNumber=03710574&uuid=382e9032-f00e-4b67-a558-75dda48684f8|]

disableRules:
- name: ocp4-file-permissions-cni-conf
rationale: ~~OCPBUGS-22995~~ - Rule ocp4-file-permissions-cni-conf returned a false
negative result
- name: ocp4-reject-unsigned-images-by-default
rationale: Not Applicable
extends: ocp4-cis-node
title: ocp4-cis-node modified profile

is blocked by

OCPBUGS-22995 Rule ocp4-cis-file-permissions-cni-conf returned a false negative result

Closed

links to

KCS: Updated Compliance Operator CIS profile v1.4 fails on file permissions mode 600 and no remediation is available

Assignee:: Lance Bragstad

Reporter:: Manthan Sarage

QA Contact:: Xiaojie Yuan

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2024/03/14 5:19 AM

Updated:: 2024/09/17 11:48 AM

Resolved:: 2024/09/17 11:48 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates