Bug
Resolution: Unresolved
rhel-8.5.0
sst_security_special_projects
Description of problem:
I have copied the 30-pci-dss-v31.rules into /etc/audit/rules.d/ and rebuilt the audit rules.
The SCAP report for pci-dss fails on missing many audit rules.
For example the 2 rules below:
- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr
- xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rmdir
For the OSPP the provided rules in /usr/share/audit/sample-rules were enough to pass all the Audit checks of the OSPP SCAP run.
I expected the same for the PCI-DSS SCAP report: just copy the 30-pci-dss-v31.rules to /etc/audit/rules.d/ and all Audit rules tests pass.
Version-Release number of selected component (if applicable):
How reproducible:
Always
Steps to Reproduce:
- Copy /usr/share/audit/sample-rules/30-pci-dss-v31.rules and the surrounding boilerplate 10-base-config and 99-finalize to /etc/audit/rules.d
- Run augenrules
- Run scap for pcidss
/usr/bin/oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_pci-dss --results-arf /var/tmp/compliance-report-pci-dss.xml /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml
/usr/bin/oscap xccdf generate report /var/tmp/compliance-report-pci-dss.xml
Results:
- Many failing SCAP tests on Audit
Expectation
- Audit tests in SCAP report are Passed
Additional info:
More info in case.
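
Added triage example (not part of the original report and not code from the audit or scap-security-guide projects): it checks which of the failing rule IDs quoted above name a syscall that no -S entry in a rules file covers, per arch. The sample rules are constructed, and deriving the syscall from the last token of the rule ID is an assumption.

```python
# Constructed sample rules for illustration; NOT the contents of 30-pci-dss-v31.rules.
SAMPLE_RULES = """\
-a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=unset -F key=perm_mod
-a always,exit -F arch=b32 -S chmod -S fchmod -F auid>=1000 -F auid!=unset -F key=perm_mod
-a always,exit -F arch=b64 -S unlink,rename -F auid>=1000 -F auid!=unset -F key=delete
-w /etc/passwd -p wa -k identity
"""

# The two failing rule IDs quoted in the report.
FAILED_RULES = [
    "xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr",
    "xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rmdir",
]

def audited_syscalls(rules_text):
    """Map each arch filter (None if the rule has none) to the syscalls named by -S."""
    coverage = {}
    for line in rules_text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] not in ("-a", "-A"):
            continue  # skip comments, watches (-w) and control rules
        arch, names = None, set()
        for flag, value in zip(tokens, tokens[1:]):
            if flag == "-F" and value.startswith("arch="):
                arch = value.split("=", 1)[1]
            elif flag == "-S":
                names.update(value.split(","))  # handles "-S a,b" and repeated -S
        coverage.setdefault(arch, set()).update(names)
    return coverage

def syscall_for(rule_id):
    # Assumption: the last "_"-separated token of the rule ID is the syscall name.
    return rule_id.rsplit("_", 1)[1]

def uncovered(rule_ids, rules_text, arches=("b32", "b64")):
    """Return {rule_id: [arches with no -S entry for its syscall]}.
    Rules without an arch filter are grouped under None and not counted here."""
    coverage = audited_syscalls(rules_text)
    gaps = {}
    for rule_id in rule_ids:
        name = syscall_for(rule_id)
        absent = [a for a in arches if name not in coverage.get(a, set())]
        if absent:
            gaps[rule_id] = absent
    return gaps

if __name__ == "__main__":
    for rule_id, arches in uncovered(FAILED_RULES, SAMPLE_RULES).items():
        print(f"{syscall_for(rule_id)}: no -S entry for {', '.join(arches)}")
```

To use it on a real host, pass the text of the merged /etc/audit/audit.rules that augenrules writes in place of SAMPLE_RULES. The script only looks at -S coverage per arch and compares no other rule fields.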