-
Bug
-
Resolution: Done
-
Undefined
-
None
-
rhel-8.7.0
-
None
-
None
-
sst_security_compliance
-
ssg_security
-
None
-
False
-
-
No
-
None
-
None
-
None
-
Release Note Not Required
-
-
Unspecified
-
None
Description of problem:
DISA's rule xccdf_mil.disa.stig_rule_SV-230264r627750_rule fails after kickstart installation of RHEL8 hardened with STIG profile.
Version-Release number of selected component (if applicable):
scap-security-guide-0.1.63-1.el8.noarch
How reproducible:
100%
Steps to Reproduce:
1. Install RHEL8 with STIG profile
2. oscap xccdf eval --profile '(all)' --rule xccdf_mil.disa.stig_rule_SV-230264r627750_rule disa-stig-rhel8-v1r6-xccdf-scap.xml
Actual results:
Title RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components from a repository without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization.
Rule xccdf_mil.disa.stig_rule_SV-230264r627750_rule
Ident CCI-001749
Result fail
Expected results:
Title RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components from a repository without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization.
Rule xccdf_mil.disa.stig_rule_SV-230264r627750_rule
Ident CCI-001749
Result pass
Additional info:
Fails only after kickstart installation. When remediating clean RHEL8 machine using scap-security-guide's ensure_gpgcheck_globally_activated rule, then the DISA STIG rule passes.
- external trackers