Description of problem:
In RHEL9 STIG without GUI, file_permissions_library_dirs fails after machine reboot.
SCAP Security Guide Version:
stabilization-v0.1.61 branch
Operating System Version:
RHEL 9
Steps to Reproduce:
python3 tests/test_suite.py profile --libvirt qemu:///system test_suite_vm --datastream /tmp/ssg-rhel9-ds.xml xccdf_org.ssgproject.content_profile_stig
Actual Results:
xccdf_org.ssgproject.content_rule_file_permissions_library_dirs - fail
Expected Results:
xccdf_org.ssgproject.content_rule_file_permissions_library_dirs - pass
Additional Information/Debugging Steps:
OVAL details:
Details
Testing mode of /lib/
oval:ssg-test_file_permissions_library_dirs_0:tst:1
true
Following items have been found on the system:
| Path |
Type |
UID |
GID |
Size (B) |
Permissions |
| /lib/polkit-1/polkit-agent-helper-1 |
regular |
0 |
0 |
20416 |
rwsr-xr-x |
Testing mode of /lib64/
oval:ssg-test_file_permissions_library_dirs_1:tst:1
false
No items have been found conforming to the following objects:
Object oval:ssg-object_file_permissions_library_dirs_1:obj:1 of type
file_object
| Path |
Filename |
Filter |
Filter |
| ^/lib64 |
^.*$ |
oval:ssg-state_file_permissions_library_dirs_1_mode_not_0755:ste:1 |
oval:ssg-exclude_symlinks__library_dirs:ste:1 |
Testing mode of /usr/lib/
oval:ssg-test_file_permissions_library_dirs_2:tst:1
true
Following items have been found on the system:
| Path |
Type |
UID |
GID |
Size (B) |
Permissions |
| /usr/lib/polkit-1/polkit-agent-helper-1 |
regular |
0 |
0 |
20416 |
rwsr-xr-x |
Testing mode of /usr/lib64/
oval:ssg-test_file_permissions_library_dirs_3:tst:1
false
No items have been found conforming to the following objects:
Object oval:ssg-object_file_permissions_library_dirs_3:obj:1 of type
file_object
| Path |
Filename |
Filter |
Filter |
| ^/usr/lib64 |
^.*$ |
oval:ssg-state_file_permissions_library_dirs_3_mode_not_0755:ste:1 |
oval:ssg-exclude_symlinks__library_dirs:ste:1 |
Check the OVAL results. It seems that polkit permissions are causing the failure.
Description of problem:
In RHEL9 STIG without GUI,
file_permissions_library_dirsfails after machine reboot.SCAP Security Guide Version:
stabilization-v0.1.61 branch
Operating System Version:
RHEL 9
Steps to Reproduce:
python3 tests/test_suite.py profile --libvirt qemu:///system test_suite_vm --datastream /tmp/ssg-rhel9-ds.xml xccdf_org.ssgproject.content_profile_stigActual Results:
xccdf_org.ssgproject.content_rule_file_permissions_library_dirs - fail
Expected Results:
xccdf_org.ssgproject.content_rule_file_permissions_library_dirs - pass
Additional Information/Debugging Steps:
OVAL details:
Details
Testing mode of /lib/ oval:ssg-test_file_permissions_library_dirs_0:tst:1 true
Following items have been found on the system:
Testing mode of /lib64/ oval:ssg-test_file_permissions_library_dirs_1:tst:1 false
No items have been found conforming to the following objects:
Object oval:ssg-object_file_permissions_library_dirs_1:obj:1 of type file_object
Testing mode of /usr/lib/ oval:ssg-test_file_permissions_library_dirs_2:tst:1 true
Following items have been found on the system:
Testing mode of /usr/lib64/ oval:ssg-test_file_permissions_library_dirs_3:tst:1 false
No items have been found conforming to the following objects:
Object oval:ssg-object_file_permissions_library_dirs_3:obj:1 of type file_object
Check the OVAL results. It seems that
polkitpermissions are causing the failure.