-
Notifications
You must be signed in to change notification settings - Fork 684
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CIS 5.5.2 Ensure system accounts are secured #11910
Comments
Version 0.1.72 does not report this error:
master branch (commit 59013f6):
It seams the issue was introduced after 0.1.72 release. |
Last good commit c35978f:
From commit a936357:
|
PR #11896 broke pass result on Ubuntu 22.04 I agree on the usage of 5.5.2 Ensure system accounts are secured (Automated) - Page: 714: Audit: Run the following commands and verify no results are returned:
Here My option is PR #11896 should be rollback and if needed for other kind of recommendations (eg STIG. PCI-DSS and so on) write a patch that is compliant with everyone and that does not create regressions with those indicated by CIS. |
Hi @marcofortina , looks like this rule was changed in CIS v2.0.0 to not allow 5.4.2.7 Ensure system accounts do not have a valid login shell That said, since we do not support CIS v2.0.0 yet, I think the best thing to do is to temporarily patch the OVAL for Ubuntu. |
Same issue also on SLES15 |
Description of problem:
Check for rule
xccdf_org.ssgproject.content_rule_no_shelllogin_for_systemaccounts
always fail.SCAP Security Guide Version:
master branch
Operating System Version:
Ubuntu 22.04 LTS
Steps to Reproduce:
oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_cis_level2_server --rule xccdf_org.ssgproject.content_rule_no_shelllogin_for_systemaccounts ssg-ubuntu2204-ds.xml
Actual Results:
Expected Results:
Additional Information/Debugging Steps:
The text was updated successfully, but these errors were encountered: