action #173578
closed[security][QU] new failing rules in oscap_ansible_stig in 15-SP6 QU only
0%
Description
Observation¶
openQA test in scenario sle-15-SP6-Online-QR-aarch64-oscap_bash_anssi_bp28_high@aarch64 fails in
oscap_xccdf_eval#2
Newer link: https://openqa.suse.de/tests/16039882
#Pattern \bfail\b count in file stdout.txt is 4, expected 3. Failed rules:
xccdf_org.ssgproject.content_rule_aide_scan_notification, CCE-91214-7
xccdf_org.ssgproject.content_rule_accounts_passwords_pam_tally2, CCE-85554-4
xccdf_org.ssgproject.content_rule_accounts_password_pam_minclass,
xccdf_org.ssgproject.content_rule_accounts_password_pam_retry,
#Expected 3 rules to fail:
xccdf_org.ssgproject.content_rule_aide_scan_notification
xccdf_org.ssgproject.content_rule_accounts_password_pam_minclass
xccdf_org.ssgproject.content_rule_accounts_password_pam_retry
#Rules failed (not in expected list):
xccdf_org.ssgproject.content_rule_accounts_passwords_pam_tally2
RULES PASSED, but are in expected to fail list:
Updated by tjyrinki_suse 2 months ago
- Tags set to oscap
- Subject changed from [security] new failing rules in oscap_ansible_stig in 15-SP6 to [security] new failing rules in oscap_ansible_stig in 15-SP6 QU only
- Description updated (diff)
- Status changed from New to Workable
- Assignee set to viktors.trubovics
- Start date deleted (
2024-12-02)
Pinging Viktors as this used to pass in 15-SP6 QU Build 104.2 and before.
Note that oscap_bash_anssi_bp28_high is not being executed in the daily 15-SP6 GA tests, so we don't have a comparison reference from there.
Updated by tjyrinki_suse 2 months ago
- Tags changed from oscap to oscap, qu
- Subject changed from [security] new failing rules in oscap_ansible_stig in 15-SP6 QU only to [security][QU] new failing rules in oscap_ansible_stig in 15-SP6 QU only
Updated by viktors.trubovics 2 months ago
For now I added xccdf_org.ssgproject.content_rule_accounts_passwords_pam_tally2 for SP6 accounts_passwords_pam_tally2 on SP6 bp28_high
Asked Svetlin to look at.
Updated by viktors.trubovics about 2 months ago
- Status changed from Workable to Resolved
Issue moved to the hardening team backlog, can close here.
Updated by openqa_review about 1 month ago
- Status changed from Resolved to Feedback
This is an autogenerated message for openQA integration by the openqa_review script:
This bug is still referenced in a failing openQA test: oscap_bash_stig
https://openqa.suse.de/tests/16169858#step/oscap_xccdf_eval#2/1
To prevent further reminder comments one of the following options should be followed:
- The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted
- The openQA job group is moved to "Released" or "EOL" (End-of-Life)
- The bugref in the openQA scenario is removed or replaced, e.g.
label:wontfix:boo1234
Expect the next reminder at the earliest in 28 days if nothing changes in this ticket.
Updated by openqa_review 9 days ago
This is an autogenerated message for openQA integration by the openqa_review script:
This bug is still referenced in a failing openQA test: oscap_bash_anssi_bp28_high
https://openqa.suse.de/tests/16464124#step/oscap_xccdf_eval#2/1
To prevent further reminder comments one of the following options should be followed:
- The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted
- The openQA job group is moved to "Released" or "EOL" (End-of-Life)
- The bugref in the openQA scenario is removed or replaced, e.g.
label:wontfix:boo1234
Expect the next reminder at the earliest in 56 days if nothing changes in this ticket.