Comments (6)
Hello. I am unable to reproduce the issue. I tried connecting from both Fedora 38 and Fedora 39 to a RHEL 9.4 machine and I can't reproduce the issue.
Even after enabling the FIPS:OSPP cryptopolicy manually on the RHEL machine, I can still connect without problems.
When following the steps to reproduce, I receive only the following errors, which don't look so scary:
...
WARNING - Script policy_default_set.pass.sh - profile xccdf_org.ssgproject.content_profile_standard not found in data stream
...
ERROR - Script cis_l2.pass.sh using profile xccdf_org.ssgproject.content_profile_cis_workstation_l2 found issue:
ERROR - Rule xccdf_org.ssgproject.content_rule_configure_crypto_policy has not been evaluated! Wrong profile selected in test scenario?
ERROR - The initial scan failed for rule 'xccdf_org.ssgproject.content_rule_configure_crypto_policy'.
INFO - Script policy_default_cis_l1.pass.sh using profile xccdf_org.ssgproject.content_profile_cis_server_l1 OK
ERROR - Script policy_default_cis_l1.pass.sh using profile xccdf_org.ssgproject.content_profile_cis_workstation_l1 found issue:
ERROR - Rule xccdf_org.ssgproject.content_rule_configure_crypto_policy has not been evaluated! Wrong profile selected in test scenario?
ERROR - The initial scan failed for rule 'xccdf_org.ssgproject.content_rule_configure_crypto_policy'.
Thanks for this information @vojtapolasek. Since you couldn't reproduce the session issue mentioned in the description using freshly installed VMs, it is likely my local test environment has something more or less that is impeding an ssh connection when FIPS:OSPP policy is selected.
So I checked again the original tests and the errors there match with the errors in your test environment:
ERROR - Rule xccdf_org.ssgproject.content_rule_configure_crypto_policy has not been evaluated! Wrong profile selected in test scenario?
Hum, it seems this is not a new issue. See #10895
In the original description of this issue I also questioned an OVAL test included in the rule.
For this, I filed a separate issue to not mix two different topics on the same issue: #11536
@marcusburghardt Do you agree with closing this issue, as it's a duplicate of #10895?
> @marcusburghardt Do you agree with closing this issue, as it's a duplicate of #10895?
Yes, let's centralize in #10895