Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-102328

Rule "ensure_gpgcheck_never_disabled" is not selected for CIS on RHEL9

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Undefined Undefined
    • rhel-9.6.z
    • rhel-9.6
    • scap-security-guide
    • None
    • scap-security-guide-0.1.78-1.el9
    • Yes
    • Low
    • rhel-security-compliance
    • 1
    • False
    • False
    • Hide

      None

      Show
      None
    • No
    • Red Hat Enterprise Linux
    • None
    • Unspecified Release Note Type - Unknown
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      As per CIS_Red_Hat_Enterprise_Linux_9_Benchmark_v2.0.0 specification, rule ensure_gpgcheck_never_disabled is supposed to be selected for CIS Level 1 (page 134), but for some reason it's only selected for CIS level 1 on RHEL8:

      $ grep -rw ensure_gpgcheck_never_disabled | grep cis
[...]
controls/cis_sle12.yml:    - ensure_gpgcheck_never_disabled
controls/cis_rhel8.yml:      - ensure_gpgcheck_never_disabled
controls/cis_sle15.yml:      - ensure_gpgcheck_never_disabled

      Only ensure_gpgcheck_globally_activated part is enabled on RHEL9.

              vpolasek@redhat.com Vojtech Polasek
              rhn-support-rmetrich Renaud Métrich
              Vojtech Polasek Vojtech Polasek
              Matus Marhefka Matus Marhefka
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: