Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Undefined
Fix Version/s: rhel-9.4
Affects Version/s: rhel-9.3.0
Component/s: scap-security-guide
Labels:
None

Pool Team:

sst_security_compliance
Sub-System Group:

ssg_security

Internal Target Milestone:
26
Story Points:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
No
Sprint:
None

Acceptance Criteria:
Hide

Manually uninstall `yum` and check that

$ oscap xccdf eval --profile '(all)' --rule xccdf_org.ssgproject.content_rule_clean_components_post_updating /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml $ oscap xccdf eval --profile '(all)' --rule xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml $ oscap xccdf eval --profile '(all)' --rule xccdf_org.ssgproject.content_rule_ensure_gpgcheck_local_packages /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml

are applicable (either fail or pass result)
Show
Manually uninstall `yum` and check that $ oscap xccdf eval --profile '(all)' --rule xccdf_org.ssgproject.content_rule_clean_components_post_updating /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml $ oscap xccdf eval --profile '(all)' --rule xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml $ oscap xccdf eval --profile '(all)' --rule xccdf_org.ssgproject.content_rule_ensure_gpgcheck_local_packages /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml are applicable (either fail or pass result)
Git Pull Request:
https://github.com/ComplianceAsCode/content/pull/11430
Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/128049
Test Coverage:
None

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

There are a few SCAP tests that check dnf settings (in /etc/dnf/dnf.conf) but before those checks are run, there is a check to ensure the 'yum' rpm is installed. When dnf is installed, but yum is NOT installed these tests show the result 'Not Applicable', but they really are applicable as dnf is installed.

I'm thinking specifically of the following:
CCE-83463-0

CCE-83457-2

CCE-83458-0

I'm seeing this on RHEL 9.3

scap-security-guide-0.1.69-2.el9.noarch.rpm

links to

RHBA-2024:128049 scap-security-guide bug fix and enhancement update

mentioned on

Merge request - Rebase to new upstream version 0.1.72

Merge request - Updated US source to: 18cf4d8 Merge pull request #11638 from Vincent056/debug-shell

Assignee:: Jan Cerny

Reporter:: David Sugar

Developer:: Vojtech Polasek

QA Contact:: Milan Lysonek

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: 2023/11/27 4:29 PM

Updated:: 2024/03/06 2:24 PM

Resolved:: 2024/02/26 1:52 PM

Target end:: 2024/02/26

Release Date:: 2024/02/26

Details

Description

Attachments

Issue Links

Activity

People

Dates