Folks -

I'm trying to remediate a RHEL7 VM guest and have it down to a couple findings 
that I'd like to ask about:

1. Rule ID: xccdf_org.ssgproject.content_rule_accounts_authorized_local_users
   I've surfed the web, RedHat and OpenScap; read through the OpenScap docs.
   I have not found how to apply a remediation to this one.  The server has
   one (1) user that is not part of the OS installation set - an admin acct.

   How do I tell oscap that this account (and perhaps others later) is an
   authorized account?

2. Rule ID: Ensure Software Patches Installed
   The system was fully patched with "yum update" before I ran oscap.  There
   are currently seventeen (17) findings which specify running "yum update".
   I enabled all repos in /etc/yum.repos.d/redhat.repo and ran check-update
   repeatedly to find those that were not accessible, and disabled them.
   That left 896 potential yum repos being used.

   Then, I patched again and "yum update" shows NO patches outstanding.  Yet
   the STIG still says I have seventeen (17) failures, with no indication of
   what has failed and the remediation advice given is "yum update".

Is there a way to see EXACTLY what it is failing at, aka the raw output data, 
where I can review output like:  "This specific package is not updated, 
therefore mark a FAIL" ?  In case I am doing the scan wrong, these are the 
commands I am using to execute the oscap run:

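# Timestamp and host name used to build the report file name
DateR=`date '+%m%d%y_%H%M%S'`
UNAMEN=`/bin/uname -n`
# Evaluate the STIG profile from the RHEL 7 data stream and write an HTML report
oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig \
        --report report_${UNAMEN}_${DateR}.html \
        --fetch-remote-resources \
        /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml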

The latest scan this morning, following the latest patch and reboot is 93.63% 
clean.  There are just five (5) areas still reporting a fail and the two 
referenced above are the only ones I am unable to resolve readily.  I would 
appreciate any assistance you can provide.


Best Regards,

Kenneth Hatten
Senior Consultant
| Character | Competence | Community
email: kenneth.hat...@zigabyte.com
cell: 972-658-1275


_______________________________________________
Open-scap-list mailing list
Open-scap-list@redhat.com
https://listman.redhat.com/mailman/listinfo/open-scap-list
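
Added example, not part of the original post or of the OpenSCAP project: one way to list which rules failed and which OVAL check each verdict came from, by reading an XCCDF 1.2 results file. It assumes the scan was also run with oscap's --results option to save machine-readable results; the sample XML, its rule ids and the function name failed_rules are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

XCCDF = "{http://checklists.nist.gov/xccdf/1.2}"

# Constructed sample: a trimmed XCCDF 1.2 results document, not real scan output.
SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2">
  <TestResult id="xccdf_org.open-scap_testresult_sample">
    <rule-result idref="xccdf_org.ssgproject.content_rule_accounts_authorized_local_users" severity="medium">
      <result>fail</result>
      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
        <check-content-ref name="oval:example-authorized-users:def:1" href="#oval0"/>
      </check>
    </rule-result>
    <rule-result idref="xccdf_org.example_rule_patches_placeholder" severity="high">
      <result>fail</result>
      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
        <check-content-ref href="https://example.invalid/remote-oval.xml"/>
      </check>
    </rule-result>
    <rule-result idref="xccdf_org.example_rule_passing_placeholder" severity="low">
      <result>pass</result>
    </rule-result>
  </TestResult>
</Benchmark>"""

def failed_rules(xml_text):
    """Return (rule id, severity, check references) for every failing rule-result."""
    root = ET.fromstring(xml_text)
    failures = []
    # iter() finds rule-result elements whatever the document's root element is
    for rr in root.iter(XCCDF + "rule-result"):
        if rr.findtext(XCCDF + "result") != "fail":
            continue
        # A check-content-ref may name one OVAL definition, or carry only an
        # href when the rule points at a whole (possibly remote) OVAL file.
        refs = [ref.get("name") or ref.get("href")
                for ref in rr.iter(XCCDF + "check-content-ref")]
        failures.append((rr.get("idref"), rr.get("severity"), refs))
    return failures

if __name__ == "__main__":
    # Use a results file given on the command line, else the constructed sample
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    for rule, severity, refs in failed_rules(text):
        print(f"{rule} [{severity}] checked by: {', '.join(refs) or '(no check reference)'}")
```
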
