UNCLASSIFIED - NO CUI

openSCAP failures

Summary

(Summarize the pipeline issue encountered concisely)

Link to failed pipeline

(Link to the failed pipeline)

What is the current bug behavior?

openSCAP tool results in the following failures on the IronBank compliant container that we are attempting build. `Title The operating system must require Re-Authentication when using the sudo command. Ensure sudo timestamp_timeout is appropriate - sudo timestamp_timeout Rule xccdf_org.ssgproject.content_rule_sudo_require_reauthentication Ident CCE-87838-9 Result fail

-- Title Ensure sudo only includes the default configuration directory Rule xccdf_org.ssgproject.content_rule_sudoers_default_includedir Ident CCE-86377-9 Result fail

Title Ensure invoking users password for privilege escalation when using sudo Rule xccdf_org.ssgproject.content_rule_sudoers_validate_passwd Ident CCE-83422-6 Result fail

Title Install rng-tools Package Rule xccdf_org.ssgproject.content_rule_package_rng-tools_installed Ident CCE-82968-9 Result fail

-- Title Set Existing Passwords Maximum Age Rule xccdf_org.ssgproject.content_rule_accounts_password_set_max_life_existing Ident CCE-82473-0 Result fail

Title Set Existing Passwords Minimum Age Rule xccdf_org.ssgproject.content_rule_accounts_password_set_min_life_existing Ident CCE-82472-2 Result fail

Title Verify All Account Password Hashes are Shadowed with SHA512 Rule xccdf_org.ssgproject.content_rule_accounts_password_all_shadowed_sha512 Ident CCE-83484-6 Result fail

-- Title Install usbguard Package Rule xccdf_org.ssgproject.content_rule_package_usbguard_installed Ident CCE-82959-8 Result fail

-- Title Log USBGuard daemon audit events using Linux Audit Rule xccdf_org.ssgproject.content_rule_configure_usbguard_auditbackend Ident CCE-82168-6 Result fail `

What is the expected correct behavior?

We want to see all 'pass' or waiver for the 'fails'

Possible fixes

(If you can, link to the line of code that might be responsible for the problem)

Tasks

  • Pipeline failure has been resolved

Please read the Iron Bank Documentation for more info

UNCLASSIFIED - NO CUI