Automatus audit_rules_privileged_commands_unix2_chkpwd/only_chkpwd_rule.fail fails on RHEL-10 #12880

Open
comps opened this issue Jan 22, 2025 · 0 comments · May be fixed by #12886
Labels
productization-issue Issue found in upstream stabilization process. RHEL10 Red Hat Enterprise Linux 10 product related.

Collaborator

comps commented Jan 22, 2025

Description of problem:

The test does

```
##### audit_rules_privileged_commands_unix2_chkpwd / only_chkpwd_rule.fail.sh #####
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o IdentityFile=/var/lib/libvirt/images/contest.sshkey [email protected] cd /root/ssgts/audit_rules_privileged_commands_unix2_chkpwd; SHARED=/root/ssgts/shared bash -x only_chkpwd_rule.fail.sh
STDERR: Warning: Permanently added '192.168.123.155' (ED25519) to the list of known hosts.
+ echo '-a always,exit -F path=/sbin/unix2_chkpwd -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged'
```

which is then found by the OVAL and passes.

Unless I misunderstood .pass.sh tests, that means we have a broken test, since it feeds OVAL exactly what it's looking for, AFAICT.

ARF attached to help in further investigation.

SCAP Security Guide Version:

master @ 1424df5

Operating System Version:

RHEL-10

Steps to Reproduce:

  1. Run automatus scenarios for audit_rules_privileged_commands_unix2_chkpwd

Additional Information/Debugging Steps:

@comps comps added productization-issue Issue found in upstream stabilization process. RHEL10 Red Hat Enterprise Linux 10 product related. labels Jan 22, 2025
@ggbecker ggbecker linked a pull request Jan 23, 2025 that will close this issue