Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-39383

Authselect rules hardening wipes already active features

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Undefined Undefined
    • rhel-9.4.z
    • rhel-8.10.z, rhel-9.4
    • scap-security-guide
    • None
    • scap-security-guide-0.1.74-1.el9_4
    • None
    • None
    • rhel-sst-security-compliance
    • ssg_security
    • 26
    • 1
    • False
    • Hide

      None

      Show
      None
    • No
    • Red Hat Enterprise Linux
    • None
    • None

      What were you trying to do that didn't work?

      When applying `/usr/share/scap-security-guide/ansible/rhel9-playbook-cis_server_l1.yml`, authconfig features originally enabled on the system are not preserved

      Please provide the package NVR for which bug is seen:

      scap-security-guide-0.1.69-2.el9_2 (-72 is unconfirmed)

      How reproducible:

      reliably

      Steps to reproduce

      1. select authselect profile `sssd`: authselect select sssd
      2. add some features like `with-mkhomedir` not present in the playbook: authselect enable-feature with-mkhomedir
      3. execute hardening playbook
      4. run authselect current

      Expected results

      Originally present features (like `with-mkhomedir`) are present

      Actual results

      Enabled features:

      • with-pwhistory
      • with-faillock

              maburgha@redhat.com Marcus Burghardt
              mhaicman@redhat.com Marek Haicman
              Marcus Burghardt Marcus Burghardt
              Milan Lysonek Milan Lysonek
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated:
                Resolved: