- Bug
- Resolution: Done-Errata
- Major
- None
- 4.18.z
- None
- Quality / Stability / Reliability
- False
Description of problem:
The rule directory-access-var-log-audit appears to fail in FedRAMP moderate and high RHCOS profile scans, even after applying the remediation. We're seeing this in CI on upstream patches: https://github.com/ComplianceAsCode/content/pull/13227

helpers.go:872: Result - Name: e2e-moderate-master-directory-access-var-log-audit - Status: FAIL - Severity: medium
helpers.go:879: E2E-FAILURE: The expected remediated result for the e2e-moderate-master-directory-access-var-log-audit rule didn't match. Expected 'PASS', Got 'FAIL'

After initial analysis - we suspect https://github.com/ComplianceAsCode/content/pull/13215 might have affected this rule.
Version-Release number of selected component (if applicable):
How reproducible:
100% in CI
Steps to Reproduce:
1. Run the rhcos4-moderate profile
2. Assert the directory-access-var-log-audit rule fails for master/worker nodes
3. Apply the remediation
4. Check the directory-access-var-log-audit rule again
Actual results:
The rule fails.
Expected results:
It should pass after applying the remediation.
Additional info:
- links to
- RHBA-2025:3728 OpenShift Compliance Operator 1.7.0