Fix audit access rules in ISM_O #12670

Merged
Mab879 merged 1 commit into ComplianceAsCode:master from jan-cerny:audit_access
Dec 4, 2024

@jan-cerny
Collaborator

The rules `audit_access_failed` and `audit_access_success` fail
after building and booting a CentOS Stream 9 hardened container image
with the `ism_o` profile. The reason is that the remediation fails
to create the files required by these rules because the package `audit`
that provides the directory `/etc/audit/rules.d` where these files
should be created isn't installed by default. The solution is to
install the `audit` package as a part of the profile remediation.
@jan-cerny jan-cerny added the labels RHEL9 (Red Hat Enterprise Linux 9 product related), Update Profile (Issues or pull requests related to Profiles updates), and Image Mode (Bootable containers and Image Mode RHEL) Dec 4, 2024
@jan-cerny jan-cerny added this to the 0.1.76 milestone Dec 4, 2024
@jan-cerny jan-cerny requested a review from a team as a code owner December 4, 2024 15:02
@github-actions

github-actions Bot commented Dec 4, 2024

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

@qlty-cloud-legacy

Code Climate has analyzed commit f428b94 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 60.9% (0.0% change).

View more on Code Climate.

@Mab879 Mab879 self-assigned this Dec 4, 2024
@Mab879 Mab879 merged commit bf4ee45 into ComplianceAsCode:master Dec 4, 2024
jan-cerny added a commit to jan-cerny/scap-security-guide that referenced this pull request Jan 16, 2025
The rules `audit_access_failed` and `audit_access_success`
fail in the scan of a RHEL 10 Image Mode system hardened with ISM
profiles. The reason is that the profiles don't install the `audit`
RPM package required by these rules to work and at the same time
the `audit` RPM package isn't part of the rhel10-bootc base image.
This is similar to this PR but it fixed only RHEL 9:
ComplianceAsCode#12670
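
A pre-scan check for the failure mode discussed in this thread, as an added example that is not part of the pull request or the project's code: it separates "the `/etc/audit/rules.d` directory is missing" from "the directory exists but holds no rule files". The function name `audit_rules_precheck`, its exit codes, and the status strings are assumptions of this example.

```shell
#!/bin/sh
# Added example, not ComplianceAsCode code.
# ROOT is the filesystem root to inspect: "/" on a booted system, or the
# mount point of a built image. Exit codes are this example's convention:
#   0 = rules directory exists and holds at least one *.rules file
#   1 = rules directory is missing (the case described in this PR)
#   2 = rules directory exists but holds no *.rules files

audit_rules_precheck() {
    root="${1:-/}"
    dir="${root%/}/etc/audit/rules.d"

    # Directory absent: remediation has nowhere to create its files.
    # In this PR the cause was that the audit package was not installed.
    if [ ! -d "$dir" ]; then
        echo "MISSING_DIR: $dir does not exist (is the audit package installed?)"
        return 1
    fi

    # Directory present: look for at least one regular *.rules file.
    found=0
    for f in "$dir"/*.rules; do
        if [ -f "$f" ]; then
            found=1
            break
        fi
    done

    if [ "$found" -eq 0 ]; then
        echo "NO_RULES: $dir exists but contains no *.rules files"
        return 2
    fi

    echo "OK: $dir exists and contains rule files"
    return 0
}

# When a root path is given on the command line, check it and exit with
# the function's status.
if [ "$#" -gt 0 ]; then
    audit_rules_precheck "$1"
fi
```

Run before the scan, a non-zero status points at the image contents rather than at the audit rules themselves.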