Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

logind_session_timeout is misaligned with DISA #12561

Open
1 task
jan-cerny opened this issue Nov 1, 2024 · 1 comment
Open
1 task

logind_session_timeout is misaligned with DISA #12561

jan-cerny opened this issue Nov 1, 2024 · 1 comment
Labels
blocked Issue that can't be fixed in content. productization-issue Issue found in upstream stabilization process. RHEL8 Red Hat Enterprise Linux 8 product related. STIG STIG Benchmark related.

Comments

@jan-cerny
Copy link
Collaborator

Description of problem:

The rule logind_session_timeout is misaligned with DISA. It passes with ComplianceAsCode but fails with DISA content.

The problem seems to be that the DISA's prose to set the timeout to 10 minutes, which means to set StopIdleSessionSec option to 600, and our content sets this to 600 but the DISA's OVAL checks that the StopIdleSessionSec option is set to 900.

We have discovered this problem in upstream productization.

Details:

This content is not aligned with content from DISA

The misalignment affects these profiles:

RHEL 8 STIG

The misalignment affects these rules:

logind_session_timeout

Outcome:

  • The external content's check is faulty - the other party needs to be notified, they have work to do.

SCAP Security Guide Version:

current upstream master as of 2024-11-01 as of 3b29795

External Content's Version:

V2R1
@jan-cerny jan-cerny added productization-issue Issue found in upstream stabilization process. RHEL8 Red Hat Enterprise Linux 8 product related. STIG STIG Benchmark related. labels Nov 1, 2024
jan-cerny added a commit to jan-cerny/contest that referenced this issue Nov 1, 2024
@jan-cerny
Add waiver of logind_session_timeout
d1e6c70 
Addressing:
ComplianceAsCode/content#12561
@jan-cerny jan-cerny mentioned this issue Nov 1, 2024
Merged
@Mab879
Copy link
Member

Mab879 commented Nov 1, 2024

Since we can't do anything should this have the "blocked" label?

comps pushed a commit to RHSecurityCompliance/contest that referenced this issue Nov 4, 2024
@jan-cerny @comps
Add waiver of logind_session_timeout
21a4195 
Addressing:
ComplianceAsCode/content#12561
@mildas mildas added the blocked Issue that can't be fixed in content. label Nov 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
blocked Issue that can't be fixed in content. productization-issue Issue found in upstream stabilization process. RHEL8 Red Hat Enterprise Linux 8 product related. STIG STIG Benchmark related.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Mab879 @jan-cerny @mildas