Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rule accounts_tmout is misaligned with DISA STIG #11548

Closed
vojtapolasek opened this issue Feb 6, 2024 · 1 comment
Closed

rule accounts_tmout is misaligned with DISA STIG #11548

vojtapolasek opened this issue Feb 6, 2024 · 1 comment
Labels
blocked Issue that can't be fixed in content. productization-issue Issue found in upstream stabilization process.

Comments

@vojtapolasek
Copy link
Collaborator

Description of problem:

The problem is with the rule account_tmout.
This rule checks for certain line within Bash startup files.
The DISA counterpart is xccdf_mil.disa.stig_rule_SV-204579r861070_rule.
The core of the problem lies in the fact that DISA uses the "declare" keyword in the command, where our content has recently switched to usage of "typeset". It happened in this PR: #11289
It increases compatibility with shells.

SCAP Security Guide Version:

stabilization-v0.1.72 branch, commit 7fb44f7

Operating System Version:

RHEL 7

Steps to Reproduce:

  1. scan and remediate system with our content, then scan again and save results
  2. scan the system with DISA SCAP and save results
  3. use the compare_results.py script to compare result files and see difference.

Alternatively, build the datastream and search for "tmout" in OVAL. Do the same for the DISA provided SCAP file.

Actual Results:

While the rule from this repo passes, DISA content rule fails.

Expected Results:

Both rules should pass.

Additional Information/Debugging Steps:
@vojtapolasek vojtapolasek added productization-issue Issue found in upstream stabilization process. blocked Issue that can't be fixed in content. labels Feb 6, 2024
Mab879 added a commit to Mab879/contest that referenced this issue May 1, 2024
@Mab879
Add accounts_tmout is a DISA misalignment wavier
a3b10db 
See ComplianceAsCode/content#11548
@Mab879 Mab879 mentioned this issue May 1, 2024
Merged
Mab879 added a commit to Mab879/contest that referenced this issue May 2, 2024
@Mab879
Add accounts_tmout is a DISA misalignment wavier
d6cfb92 
See ComplianceAsCode/content#11548
comps pushed a commit to Mab879/contest that referenced this issue May 3, 2024
@Mab879 @comps
Add accounts_tmout is a DISA misalignment wavier
cb82e7d 
See ComplianceAsCode/content#11548
comps pushed a commit to Mab879/contest that referenced this issue May 3, 2024
@Mab879 @comps
Add accounts_tmout is a DISA misalignment wavier
7bd5bc4 
See ComplianceAsCode/content#11548
mildas pushed a commit to RHSecurityCompliance/contest that referenced this issue May 3, 2024
@Mab879 @mildas
Add accounts_tmout is a DISA misalignment wavier
f47152c 
See ComplianceAsCode/content#11548
@mildas mildas mentioned this issue Aug 8, 2024
Merged
@mildas
Copy link
Contributor

mildas commented Aug 9, 2024

Passed in 2 recent stabilization test runs and 1 daily productization. Thus, closing as it seems to be fixed

@mildas mildas closed this as completed Aug 9, 2024
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
blocked Issue that can't be fixed in content. productization-issue Issue found in upstream stabilization process.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vojtapolasek @mildas