Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-53426

RHEL 9 STIG XCCDF should relax NetworkManager DNS setting

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Done-Errata
    • Icon: Undefined Undefined
    • rhel-9.5.z
    • rhel-9.5
    • scap-security-guide
    • None
    • scap-security-guide-0.1.75-1.el9
    • rhel-sst-security-compliance
    • ssg_security
    • 1
    • False
    • Hide

      None

      Show
      None
    • No
    • None
    • None

      Goal

      • The DISA STIG for RHEL 9 specifies that there must be an explicit setting for DNS handling by NetworkManager; either dns=none or dns=default must be set in /etc/NetworkManager/NetworkManager.conf [1].  The STIG profile in RHEL 9.4 is setting "dns=none" in generated remediation code, which prevents NM from updating resolv.conf with DNS information from DHCP.  "dns=default" is a valid value for the STIG but allows NM to update resolv.conf with DNS settings from DHCP.  This is a more pragmatic default.

      [1] https://www.stigviewer.com/stig/red_hat_enterprise_linux_9/2023-12-01/finding/V-257949

      Acceptance Criteria

      • When running 'oscap xccdf generate fix ...' for the STIG profiles, the resulting code should set dns=default.

              vpolasek@redhat.com Vojtech Polasek
              rhn-gps-jsturges Jonathan Sturges
              Vojtech Polasek Vojtech Polasek
              Milan Lysonek Milan Lysonek
              Votes:
              1 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated:
                Resolved: