Error during evaluation of file_groupowner_var_log_syslog on RHEL 7 #10655

Closed
jan-cerny opened this issue May 30, 2023 · 3 comments · Fixed by #10666
Labels:
- offline: Issues or features of the content related to the OpenSCAP's 'offline' mode
- productization-issue: Issue found in upstream stabilization process.
- RHEL7: Red Hat Enterprise Linux 7 product related.


@jan-cerny (Collaborator) commented May 30, 2023

Description of problem:

When we scan a RHEL 7 machine with the virtual (all) profile, we get an error message about evaluation of rule file_groupowner_var_log_syslog. This issue happened during downstream test /CoreOS/scap-security-guide/Sanity/smoke-scan on RHEL 7.

The same problem also happens when we scan a UBI 7 image using oscap-docker with the virtual (all) profile: we get an error message about evaluation of rule file_groupowner_var_log_syslog. This issue has happened during downstream test /CoreOS/scap-security-guide/Sanity/container-scanning on RHEL 7.

SCAP Security Guide Version:

current upstream master branch as of 2023-05-29 as of HEAD 47955e5

Operating System Version:

RHEL 7

Steps to Reproduce:

Locally:

  1. oscap xccdf eval --oval-results --progress --report all.html --profile '(all)' /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml

With UBI 7 and oscap-docker:

  1. oscap-docker image registry.access.redhat.com/ubi7 xccdf eval --progress --benchmark-id xccdf_org.ssgproject.content_benchmark_RHEL-7 --profile "(all)" /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml 1> output.stdout 2> output.stderr

Actual Results:

stderr contains error message:

E: oscap:     Failed to convert OVAL state to SEXP, id: oval:ssg-state_file_groupowner_var_log_syslog_gid_4_0:ste:1.

Expected Results:

no errors

Additional Information/Debugging Steps:

no

jan-cerny added the labels productization-issue, RHEL7 and offline on May 30, 2023
jan-cerny changed the title from "Error during evaluation of file_groupowner_var_log_syslog on UBI 7 image" to "Error during evaluation of file_groupowner_var_log_syslog on RHEL 7" on May 30, 2023
vojtapolasek self-assigned this on May 31, 2023
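
A check that a scan pipeline could run over the `output.stderr` file from the reproduction steps, so that evaluation errors like the one reported above are surfaced by OVAL id. This is an added example, not part of the original issue or the project's code; the function names and every sample line except the quoted error are assumptions.

```python
import re
from typing import NamedTuple, Optional

# Error lines look like the one quoted in the issue: "E: oscap:     <message>".
ERROR_LINE = re.compile(r"^E:\s*oscap:\s+(?P<msg>.+)$")
# OVAL id layout: oval:<name>:<kind>:<version>; kind "ste" marks a state.
OVAL_ID = re.compile(
    r"oval:[A-Za-z0-9_.\-]+:(?P<kind>def|tst|obj|ste|var):[1-9][0-9]*")


class ScanError(NamedTuple):
    message: str
    oval_id: Optional[str]  # None when the message names no OVAL id
    kind: Optional[str]


def parse_oscap_errors(stderr_text):
    """Return one ScanError per distinct "E: oscap:" line, in first-seen order."""
    seen, errors = set(), []
    for raw in stderr_text.splitlines():
        line = ERROR_LINE.match(raw.strip())
        if not line:
            continue  # warnings and any other output are not errors
        msg = line.group("msg").strip()
        if msg in seen:
            continue  # collapse repeated copies of the same message
        seen.add(msg)
        oid = OVAL_ID.search(msg)
        errors.append(ScanError(msg, oid.group(0) if oid else None,
                                oid.group("kind") if oid else None))
    return errors


def broken_states(stderr_text):
    """Ids of OVAL states named in error lines; empty list means none found."""
    return [e.oval_id for e in parse_oscap_errors(stderr_text) if e.kind == "ste"]


# Constructed sample: line 1 is the error quoted in the issue, the rest are made up.
SAMPLE_STDERR = """\
E: oscap:     Failed to convert OVAL state to SEXP, id: oval:ssg-state_file_groupowner_var_log_syslog_gid_4_0:ste:1.
W: oscap:     constructed warning line that must not be counted
E: oscap:     Failed to convert OVAL state to SEXP, id: oval:ssg-state_file_groupowner_var_log_syslog_gid_4_0:ste:1.
E: oscap:     constructed error line without any identifier
"""

if __name__ == "__main__":
    for err in parse_oscap_errors(SAMPLE_STDERR):
        print(err.oval_id or "-", "|", err.message)
```
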
@vojtapolasek (Collaborator)

I believe it is caused by this commit:
44cba45
This commit treats all filegids which are not equal to 0 as group names. But here we set the filegid to 4 and we need to treat it as a gid, not a group name. I will fix that. Moreover, I will document the behavior, because currently it is not documented.
@ggbecker please confirm if I am going in the right way since you are the author of the commit.

@ggbecker (Member)

@vojtapolasek these are the pull requests:

#10622
#10552

@jan-cerny (Collaborator, Author)

FTR I confirm this issue is present in current upstream stabilization-v0.1.68 branch as of 2023-06-02 as of HEAD b630293.
