Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

SWIFT: POC Conversion

Sync from "Extern...

XML

Word

Printable

Type: Bug
Resolution: Not a Bug
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Component/s: scap-security-guide
Labels:
- cee

Regression:
No
Severity:
Low

AssignedTeam:
rhel-security-compliance

Story Points:
None
Product Documentation Required:
None
Sprint:
None

Preliminary Testing:
None
Test Coverage:
None

ProdDocsReview-CCS:
Unspecified
ProdDocsReview-Dev:
Unspecified
ProdDocsReview-QE:
Unspecified

Experience:

PX Impact Score:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

During Ansible remediation using an Ansible user that requires sudo the rule as written will select a blank profile that will persist until manually fixed or rolled back.

The remediation generated is;

- name: Set number of Password Hashing Rounds - password-auth - Ensure the authselect custom profile is selected
  ansible.builtin.command:
    cmd: authselect select {{ authselect_custom_profile }}
  register: result_pam_authselect_select_profile
  when:
    - result_authselect_check_cmd is success
    - result_authselect_profile is not skipped
    - authselect_current_profile is not match("custom/")
    - authselect_custom_profile is not match(authselect_current_profile)

Without the `with-sudo` option added to the `authselect select` command a blank profile is selected, rather than the current profile in use and this needs to be manually corrected or rolled back after the run.

Assignee:: Vojtech Polasek

Reporter:: Paul Dudley

Developer:: Vojtech Polasek

QA Contact:: SSG Security QE

Votes:: 0 Vote for this issue

Watchers:: 14 Start watching this issue

Created:: 2025/07/21 10:27 PM

Updated:: 2025/09/25 12:19 PM

Resolved:: 2025/09/25 12:18 PM

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates

Hide