Public bug reported:

Hi,

We had a lot of issues when hardening with CIS level 1 server on
an OpenStack hyperconverged node (with Ceph).

So I tried to do the audit on a clean Jammy. I also received a lot of
errors (but this time not fatal), like:

root@cis-test:~# usg audit --tailoring-file /root/cis-l1.xml
USG will execute the following command for auditing: oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_cis_level1_server_customized --cpe /usr/share/ubuntu-scap-security-guides/current/benchmarks/ssg-ubuntu2204-cpe-dictionary.xml --results /var/lib/usg/usg-results-20240311.1551.xml --tailoring-file /root/cis-l1.xml /usr/share/ubuntu-scap-security-guides/current/benchmarks/ssg-ubuntu2204-xccdf.xml
...

Title   Enable Randomized Layout of Virtual Address Space
Rule    xccdf_org.ssgproject.content_rule_sysctl_kernel_randomize_va_space
W: oscap:       Obtrusive data from probe!
W: oscap:       Obtrusive data from probe!
W: oscap:       Obtrusive data from probe!
Result  fail
...
Title   Ensure all users last password change date is in the past
Rule    xccdf_org.ssgproject.content_rule_accounts_password_last_change_is_in_past
W: oscap:     Entity name 'value' from state (id: 'oval:ssg-state_accounts_password_last_change_time_diff:ste:1') not found in item (id: '1247279').
Result  pass

...

This is on a clean Jammy VM spawned by LXD:
$ lxc launch ubuntu:22.04 cis-test --vm

I attached the tailoring file.

Could you help figure out what is wrong with the tool and why it fails in
multiple places?
I am going to file another bug with the fatal error.

** Affects: openscap (Ubuntu)
     Importance: Undecided
         Status: New

** Attachment added: "cis-l1.xml"
   https://bugs.launchpad.net/bugs/2056775/+attachment/5754837/+files/cis-l1.xml

https://bugs.launchpad.net/bugs/2056775

Title:
  openscap fails in multiple tests when auditing on fresh Jammy
