Skip to content

[Ubuntu 22.04] Add missing stigid@ubuntu2204 references: Account Management (UBTU-22-411000 to 432099)#14465

Closed
hdean3 wants to merge 1 commit intoComplianceAsCode:masterfrom
hdean3:fix/stigid-ubuntu2204-account-mgmt
Closed

[Ubuntu 22.04] Add missing stigid@ubuntu2204 references: Account Management (UBTU-22-411000 to 432099)#14465
hdean3 wants to merge 1 commit intoComplianceAsCode:masterfrom
hdean3:fix/stigid-ubuntu2204-account-mgmt

Conversation

@hdean3
Copy link
Copy Markdown
Contributor

@hdean3 hdean3 commented Feb 26, 2026

Problem

The ComplianceAsCode Ubuntu 22.04 STIG profile cannot map OpenSCAP scan results to DISA STIG checklist items in STIG Viewer. CKL exports have blank Rule ID fields for Ubuntu 22.04 rules.

Root cause: Rule.yml files are missing stigid@ubuntu2204: entries. Rules have stigid@ol8, stigid@sle12, and stigid@sle15 — but stigid@ubuntu2204 was never added.

Solution

Add stigid@ubuntu2204: UBTU-22-XXXXXX to 21 rule.yml files for DISA Ubuntu 22.04 STIG V2R7 Account Management controls (UBTU-22-411000 to 432099).

All UBTU-22 IDs sourced from controls/stig_ubuntu2204.yml.

Series

Part of a series adding stigid@ubuntu2204 across all V2R7 categories:

  • Auditing — 96 rules (#14463)
  • Password Policy — 24 rules (#14464)
  • Account Management (this PR) — 21 rules
  • File Permissions, Networking, Software, System Config, GNOME, Kernel Modules — remaining PRs

@hdean3
Add stigid@ubuntu2204 references: Account Management
6f3573d 
Add missing stigid@ubuntu2204 entries to 21 rule.yml files for
DISA Ubuntu 22.04 STIG V2R7 Account Management controls.

Without these references, OpenSCAP scan results cannot be mapped
to DISA UBTU-22-XXXXXX checklist items in STIG Viewer (CKL export
produces blank Rule ID fields).

Entries follow the same pattern as existing stigid@ol8, stigid@sle12,
and stigid@sle15 references. Authoritative UBTU-22-XXXXXX IDs sourced
from controls/stig_ubuntu2204.yml.
@hdean3 hdean3 mentioned this pull request Feb 26, 2026
Closed
@openshift-ci openshift-ci Bot added the needs-ok-to-test Used by openshift-ci bot. label Feb 26, 2026
@openshift-ci
Copy link
Copy Markdown

openshift-ci Bot commented Feb 26, 2026

Hi @hdean3. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

This was referenced Feb 26, 2026
Closed
Closed
Closed
Closed
Closed
@hdean3
Copy link
Copy Markdown
Contributor Author

hdean3 commented Feb 27, 2026

Closing to reset fork and CI queue. Will re-submit in small batches (2-3 at a time) after PR #14511 receives /ok-to-test from a maintainer.

@hdean3 hdean3 closed this Feb 27, 2026
@hdean3 hdean3 deleted the fix/stigid-ubuntu2204-account-mgmt branch February 27, 2026 22:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

needs-ok-to-test Used by openshift-ci bot.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@hdean3