Rule zipl_bootmap_is_up_to_date fails after OSPP hardening #9312

Closed
jan-cerny opened this issue Aug 9, 2022 · 1 comment
Labels
productization-issue Issue found in upstream stabilization process. RHEL8 Red Hat Enterprise Linux 8 product related. RHEL9 Red Hat Enterprise Linux 9 product related.

jan-cerny commented Aug 9, 2022

Description of problem:

A test that tests OSPP hardening of a VM fails because rule zipl_bootmap_is_up_to_date fails after a reboot.

SCAP Security Guide Version:

current upstream as of 2022-08-06 as of HEAD 61b8f59

Operating System Version:

RHEL 9.1, architecture s390x
RHEL 8.7, architecture s390x

Steps to Reproduce:

  1. Harden an s390x system to OSPP profile: `oscap xccdf eval --progress --remediate --profile xccdf_org.ssgproject.content_profile_ospp --report /ospp_remediate_report.html ssg-rhel9-ds.xml` (or `ssg-rhel8-ds.xml`)
  2. Reboot
  3. Scan again: `oscap xccdf eval --progress --profile xccdf_org.ssgproject.content_profile_ospp --results ospp-xccdf-results.xml --report ospp.html ssg-rhel9-ds.xml`

Actual Results:

Before reboot, the rule zipl_bootmap_is_up_to_date passes but after reboot the rule zipl_bootmap_is_up_to_date fails.

Expected Results:

zipl_bootmap_is_up_to_date passes or surviving a reboot is achieved somehow

Additional Information/Debugging Steps:

no

@jan-cerny jan-cerny added productization-issue Issue found in upstream stabilization process. RHEL9 Red Hat Enterprise Linux 9 product related. RHEL8 Red Hat Enterprise Linux 8 product related. labels Aug 9, 2022
@yuumasato yuumasato self-assigned this Aug 16, 2022
yuumasato commented Aug 23, 2022

This issue is another manifestation of remediate twice for rule to pass, closing.

See OpenSCAP/openscap#1880
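
A check for the pattern reported in this issue, as an added example that is not part of the thread or of the project's code: it compares two XCCDF results files of the kind `oscap xccdf eval --results` writes and lists rules that passed or were fixed in the first run but fail in the second. It assumes the remediation run in step 1 is also given `--results`; the sample documents and the second rule id are constructed.

```python
import sys
import xml.etree.ElementTree as ET

XCCDF = "{http://checklists.nist.gov/xccdf/1.2}"   # XCCDF 1.2 namespace
RULE = "xccdf_org.ssgproject.content_rule_zipl_bootmap_is_up_to_date"
PASSING = {"pass", "fixed"}            # "fixed" = remediated during that run
FAILING = {"fail", "error", "unknown"}

def _sample(zipl, other):
    """Constructed, trimmed results document (not real scan output)."""
    return f"""<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2">
  <TestResult id="constructed">
    <rule-result idref="{RULE}"><result>{zipl}</result></rule-result>
    <rule-result idref="xccdf_org.ssgproject.content_rule_hypothetical_other">
      <result>{other}</result>
    </rule-result>
  </TestResult>
</Benchmark>"""

BEFORE_REBOOT = _sample("pass", "fixed")   # stands in for the --remediate run
AFTER_REBOOT = _sample("fail", "pass")     # stands in for the post-reboot scan

def rule_results(xml_doc):
    """Map rule id -> result; a later rule-result for the same rule wins."""
    results = {}
    for rr in ET.fromstring(xml_doc).iter(XCCDF + "rule-result"):
        res = rr.find(XCCDF + "result")
        if res is not None and res.text:
            results[rr.get("idref")] = res.text.strip()
    return results

def regressions(before_doc, after_doc):
    """Rules that passed (or were fixed) before and fail afterwards."""
    before, after = rule_results(before_doc), rule_results(after_doc)
    return {rule: (old, after[rule]) for rule, old in sorted(before.items())
            if old in PASSING and after.get(rule) in FAILING}

if __name__ == "__main__":
    if len(sys.argv) == 3:   # two --results files: before and after reboot
        docs = []
        for path in sys.argv[1:3]:
            with open(path, "rb") as fh:
                docs.append(fh.read())
    else:                    # no arguments: run on the constructed samples
        docs = [BEFORE_REBOOT, AFTER_REBOOT]
    for rule, (old, new) in regressions(*docs).items():
        print(f"{rule}: {old} -> {new}")
```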
