Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RHEL7 CIS Level 2 Server - not possible to connect to a machine after installation #7233

Closed
mildas opened this issue Jul 12, 2021 · 1 comment · Fixed by #7237
Closed

RHEL7 CIS Level 2 Server - not possible to connect to a machine after installation #7233

mildas opened this issue Jul 12, 2021 · 1 comment · Fixed by #7237
Assignees
@vojtapolasek

Comments

@mildas
Copy link
Contributor

mildas commented Jul 12, 2021

Description of problem:

It is not possible to connect to machine installed using RHEL7 CIS Level 2 Server profile.

SCAP Security Guide Version:

452b4c2

Operating System Version:

RHEL 7.9

Steps to Reproduce:

  1. python3 tests/test_suite.py profile --libvirt qemu:///system test_suite_vm --datastream /tmp/ssg-rhel7-ds.xml --xccdf-id scap_org.open-scap_cref_ssg-rhel7-xccdf-1.2.xml --mode online --remediate-using oscap xccdf_org.ssgproject.content_profile_cis

Actual Results:

INFO - The base image option has not been specified, choosing libvirt-based test environment.
INFO - Logging into /tmp/tmp.M5JajzXCxW/logs/profile-custom-2021-07-10-0511/test_suite.log
INFO - Evaluation of the profile has passed: xccdf_org.ssgproject.content_profile_cis (initial stage).
INFO - Evaluation of the profile has passed: xccdf_org.ssgproject.content_profile_cis (remediation stage).
INFO - Rebooting domain 'test_suite_vm' before final scan.
ERROR - Terminating due to timeout: Timeout reached: 'test_suite_vm' (192.168.122.237:22) domain does not accept connections.
Setting console output to log level INFO

Expected Results:

It is possible to connect to the machine.

Additional Information/Debugging Steps:

Failures from remediation HTML report:
xccdf_org.ssgproject.content_rule_sudo_custom_logfile - unknown
xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_rmmod - error (no remediation)
xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_insmod - error (no remediation)
xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_modprobe - error (no remediation)
xccdf_org.ssgproject.content_rule_sshd_use_approved_macs - error
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vojtapolasek vojtapolasek

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix problems with variables in rhel7 cis vojtapolasek/content
2 participants
@vojtapolasek @mildas