Project

General

Profile

Actions

action #156679

closed

[security] OSCAP BASH tests for profiles HIPAA and PCI-DSS-4 failing on SP6 build after 15-SP6-Build58.1

Added by viktors.trubovics 3 months ago. Updated 4 days ago.

Status:
Resolved
Priority:
Normal
Category:
-
Target version:
-
Start date:
2024-03-05
Due date:
% Done:

100%

Estimated time:
4.00 h
Difficulty:
medium

Description

BASH HIPPA fails on SLES15 SP6:
https://openqa.suse.de/tests/13716835#step/oscap_xccdf_eval#2/26
#Rules failed (not in expected list):
xccdf_org.ssgproject.content_rule_sshd_disable_kerb_auth
xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords
xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner
xccdf_org.ssgproject.content_rule_sshd_do_not_permit_user_env
xccdf_org.ssgproject.content_rule_sshd_enable_strictmodes
xccdf_org.ssgproject.content_rule_sshd_disable_root_login
xccdf_org.ssgproject.content_rule_disable_host_auth
xccdf_org.ssgproject.content_rule_sshd_disable_gssapi_auth

PCI-DSS fails https://openqa.suse.de/tests/13716834#step/oscap_xccdf_eval#2/26
#Rules failed (not in expected list):
xccdf_org.ssgproject.content_rule_sshd_set_keepalive
xccdf_org.ssgproject.content_rule_sshd_disable_rhosts
xccdf_org.ssgproject.content_rule_sshd_use_approved_ciphers
xccdf_org.ssgproject.content_rule_sshd_disable_tcp_forwarding
xccdf_org.ssgproject.content_rule_sshd_set_max_auth_tries
xccdf_org.ssgproject.content_rule_sshd_set_max_sessions
xccdf_org.ssgproject.content_rule_sshd_set_maxstartups
xccdf_org.ssgproject.content_rule_sshd_set_loglevel_verbose
xccdf_org.ssgproject.content_rule_disable_host_auth
xccdf_org.ssgproject.content_rule_sshd_use_approved_macs
xccdf_org.ssgproject.content_rule_sshd_set_login_grace_time
xccdf_org.ssgproject.content_rule_sshd_disable_x11_forwarding
xccdf_org.ssgproject.content_rule_file_permissions_sshd_config
xccdf_org.ssgproject.content_rule_sshd_use_strong_kex
xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords
xccdf_org.ssgproject.content_rule_sshd_do_not_permit_user_env
xccdf_org.ssgproject.content_rule_sshd_disable_root_login
Looks Product is broken since build 15-SP6-Build58.1
On SP4 and SP5 tests are passing.

Actions #2

Updated by viktors.trubovics 3 months ago

Created Bug 1221063 - [SLES15 SP6][openssh] openssh-server force reinstall resets sshd_config to default
https://bugzilla.suse.com/show_bug.cgi?id=1221063

Actions #3

Updated by openqa_review 2 months ago

This is an autogenerated message for openQA integration by the openqa_review script:

This bug is still referenced in a failing openQA test: oscap_bash_pci_dss_4
https://openqa.suse.de/tests/13716834#step/oscap_xccdf_eval#2/1

To prevent further reminder comments one of the following options should be followed:

  1. The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted
  2. The openQA job group is moved to "Released" or "EOL" (End-of-Life)
  3. The bugref in the openQA scenario is removed or replaced, e.g. label:wontfix:boo1234

Expect the next reminder at the earliest in 28 days if nothing changes in this ticket.

Actions #4

Updated by szarate 6 days ago

  • Subject changed from OSCAP BASH tests for profiles HIPAA and PCI-DSS-4 failing on SP6 build after 15-SP6-Build58.1 to [security] OSCAP BASH tests for profiles HIPAA and PCI-DSS-4 failing on SP6 build after 15-SP6-Build58.1
Actions #5

Updated by viktors.trubovics 6 days ago

  • % Done changed from 0 to 100
  • Estimated time set to 4.00 h
  • Difficulty set to medium

Issue resolved after bug https://bugzilla.suse.com/show_bug.cgi?id=1221063 was fixed.

Actions #6

Updated by viktors.trubovics 4 days ago

  • Status changed from Workable to Resolved

Bug [SLES15 SP6][openssh] openssh-server force reinstall resets sshd_config to default
https://bugzilla.suse.com/show_bug.cgi?id=1221063
is fixed and tests are passing now.

Actions

Also available in: Atom PDF