Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-104073

Filepath and Pattern Fields Inverted in HTML Compliance Report Output

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • rhel-9.6
    • openscap
    • rhel-security-compliance
    • 2
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      What were you trying to do that didn't work?

      I was trying to review compliance checks in an OpenSCAP generated HTML report (STIG profile) and expected the output to show the correct mapping between regex patterns and the target filepaths.

      What is the impact of this issue to you?

      This causes confusion when interpreting results

      Please provide the package NVR for which the bug is seen:

      scap-security-guide-doc-0.1.76-1.el9.noarch
      openscap-1.3.12-1.el9_6.x86_64

      How reproducible is this bug?:

      100% reproducible.

      Steps to reproduce

      Run a scan using oscap  with STIG profile:

      oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig --report /tmp/stig.html /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml

      Open stig.html in a browser.[^stig.html]

      Locate columns with Filepath | Pattern | Instance fielld.

      $ grep -E '<tr><td>[^<]*[\\^.*].*</td><td>/etc/.*</td>' stig.html
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>^[\s]*auth[\s]+(?:required|requisite)[\s]+pam_faillock.so[^\n#]preauth[^\n#]*audit</td><td>/etc/pam.d/system-auth</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check the presence of audit parameter in password-auth</span> 
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>^[\s]*auth[\s]+(?:required|requisite)[\s]+pam_faillock.so[^\n#]preauth[^\n#]*audit</td><td>/etc/pam.d/password-auth</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check the absence of audit parameter in /etc/security/faillock.conf</span> 
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>^[\s]*auth[\s]+(?:required|requisite)[\s]+pam_faillock.so[^\n#]preauth[^\n#]*audit</td><td>/etc/pam.d/system-auth</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check the absence of audit parameter in password-auth</span> 
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>^[\s]*auth[\s]+(?:required|requisite)[\s]+pam_faillock.so[^\n#]preauth[^\n#]*audit</td><td>/etc/pam.d/password-auth</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check the expected audit value in in /etc/security/faillock.conf</span> 
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>^\s*auth\N+pam_unix\.so</td><td>/etc/pam.d/system-auth</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">no more that one pam_unix.so is expected in auth section of password-auth</span> 
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>^\s*auth\N+pam_unix\.so</td><td>/etc/pam.d/password-auth</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">One and only one occurrence is expected in auth section of system-auth</span> 
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td><table><tr><td>3</td></tr><tr><td>^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^\n]*deny=([0-9]+)</td></tr></table></td><td>/etc/pam.d/system-auth</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check the expected deny value in password-auth</span> 
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td><table><tr><td>3</td></tr><tr><td>^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^\n]*deny=([0-9]+)</td></tr></table></td><td>/etc/pam.d/password-auth</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check the absence of deny parameter in /etc/security/faillock.conf</span> 
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>^[\s]*deny[\s]*=[\s]*([0-9]+)</td><td>/etc/security/faillock.conf</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check the absence of deny parameter in system-auth</span> 
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^\n]*deny=([0-9]+)</td><td>/etc/pam.d/system-auth</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check the absence of deny parameter in password-auth</span> 
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^\n]*deny=([0-9]+)</td><td>/etc/pam.d/password-auth</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check the expected deny value in /etc/security/faillock.conf</span>                  <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td><table><tr><td>900</td></tr><tr><td>^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^\n]*fail_interval=([0-9]+)</td></tr></table></td><td>/etc/pam.d/system-auth</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check the expected fail_interval value in password-auth</span> 
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td><table><tr><td>900</td></tr><tr><td>^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^\n]*fail_interval=([0-9]+)</td></tr></table></td><td>/etc/pam.d/password-auth</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check the absence of fail_interval parameter in /etc/security/faillock.conf</span> 
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>^[\s]*fail_interval[\s]*=[\s]*([0-9]+)</td><td>/etc/security/faillock.conf</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check the absence of fail_interval parameter in system-auth</span> 
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^\n]*fail_interval=([0-9]+)</td><td>/etc/pam.d/system-auth</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check the absence of fail_interval parameter in password-auth</span> 
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^\n]*fail_interval=([0-9]+)</td><td>/etc/pam.d/password-auth</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Check the expected fail_interval value in /etc/security/faillock.conf</span> 

      Expected results

      • Filepath" column should show actual file locations, like /etc/pam.d/system-auth
      • "Pattern" column should show the regex used to check those files

      Actual results

      The columns are inverted: regex appears under "Filepath", and actual filepath under "Pattern"

        1. Screenshot from 2025-07-16 21-06-32.png
          Screenshot from 2025-07-16 21-06-32.png
          111 kB

              rh-ee-adenisov Artem Denisov
              rhn-support-vbhope Vaibhav Bhope
              Jan Cerny Jan Cerny
              SSG Security QE SSG Security QE
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated: