Many audit rules fail after reboot for ppc64le and s390x architectures #9856
Labels
Ansible
Ansible remediation update.
productization-issue
Issue found in upstream stabilization process.
RHEL
Red Hat Enterprise Linux product related.
Description of problem:
ppc64le
ands390x
systems which are hardened using the Ansible playbook from STIG profile have manyauditd
related rules failing after reboot.SCAP Security Guide Version:
master as of 2022-11-19
Operating System Version:
RHEL-7.9, RHEL-8.7 and RHEL-9.1
Steps to Reproduce:
Actual Results:
The following rules are failing after reboot:
xccdf_org.ssgproject.content_rule_audit_rules_media_export - fail
xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod - fail
xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown - fail
xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod - fail
xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat - fail
xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown - fail
xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat - fail
xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr - fail
xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr - fail
xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown - fail
xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr - fail
xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr - fail
xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr - fail
xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr - fail
xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename - fail
xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat - fail
xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rmdir - fail
xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink - fail
xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat - fail
xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat - fail
xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate - fail
xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open - fail
xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at - fail
xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat - fail
xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate - fail
xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_create - fail
xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete - fail
xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_finit - fail
xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init - fail
Expected Results:
All non-compliant auditd rules are fixed and pass after reboot.
Additional Information/Debugging Steps:
It needs more detailed investigation, but it seems the remediation aren't even executed for these rules.
The text was updated successfully, but these errors were encountered: