Ubuntu Linux 24.04 LTS Benchmark content (Version: Draft 0.1.76) causes oscap to crash #12718

Closed
bhattisatish opened this issue Dec 13, 2024 · 3 comments · Fixed by #12728
bhattisatish commented Dec 13, 2024

Description of problem:

Running the latest Ubuntu 24.04 LTS benchmark against oscap 1.3.9 in Ubuntu 24.04 causes oscap to crash.

SCAP Security Guide Version:

Version: 0.1.76
draft (as of 2024-12-13)

Operating System Version:

Distributor ID: Ubuntu
Description: Ubuntu 24.04.1 LTS
Release: 24.04
Codename: noble

Steps to Reproduce:

  1. `git clone https://github.com/complianceascode/content.git`
  2. `cd content/` and `./build_product ubuntu2404` and `cd ..`
  3. Run either of the following commands:
    • `oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_cis_level1_workstation --results arf1.xml --report report1.html content/build/ssg-ubuntu2404-ds.xml`
    • `oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_cis_level2_workstation --results arf2.xml --report report2.html content/build/ssg-ubuntu2404-ds.xml`

Actual Results:

Causes the oscap command to crash with:

```
oscap: ./src/XCCDF_POLICY/xccdf_policy.c:627: xccdf_policy_is_item_selected: Assertion `false' failed.
Aborted (core dumped)
```

Expected Results:

A successful run with arf1.xml with the results and report1.html with the final evaluation report.

Additional Information/Debugging Steps:

Refers: OpenSCAP/openscap#2188
The debug log is available. eval.log.gz

The output of build_product ubuntu2404 is also available at content-build.tar.gz

dodys added the Ubuntu (Ubuntu product related) and CIS (CIS Benchmark related) labels Dec 16, 2024

dodys commented Dec 16, 2024

Current content for Ubuntu 24.04 is still in progress. Not all the rules are working or tested against it.
Therefore I would recommend waiting.

dodys added this to the 0.1.76 milestone Dec 16, 2024

evgenyz commented Dec 16, 2024

It looks like it's an Ubuntu OpenSCAP package problem.

evgenyz self-assigned this Dec 16, 2024

mpurg commented Dec 16, 2024

I narrowed it down to this setting:


which was introduced to the sshd_enable_warning_banner_net rule recently.

The issue disappears when I remove it.

mpurg added a commit to mpurg/ComplianceAsCode that referenced this issue Dec 16, 2024
The recently added conflicts tags to sshd_enable_warning_banner_*
rules cause openscap to crash on Ubuntu (ComplianceAsCode#12718).

This change disables the conflicts tags on Ubuntu products
until a proper fix is implemented.
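
A triage check for the condition the commit message above describes, as an added example that is not part of the issue thread or the ComplianceAsCode project's code: it lists XCCDF 1.2 rules in a built benchmark or datastream that carry `conflicts` elements, optionally limited to rules a profile explicitly selects. The sample document, its ids and the function names are constructed for illustration; profile `extends` and each rule's default `selected` attribute are ignored.

```python
import xml.etree.ElementTree as ET

XCCDF = "{http://checklists.nist.gov/xccdf/1.2}"

# Constructed sample, not taken from the real ssg-ubuntu2404-ds.xml.
SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark_demo">
  <Profile id="xccdf_example_profile_demo">
    <select idref="xccdf_example_rule_banner_net" selected="true"/>
    <select idref="xccdf_example_rule_other" selected="true"/>
  </Profile>
  <Group id="xccdf_example_group_ssh">
    <Rule id="xccdf_example_rule_banner_net" selected="false">
      <conflicts idref="xccdf_example_rule_banner"/>
    </Rule>
    <Rule id="xccdf_example_rule_banner" selected="false"/>
    <Rule id="xccdf_example_rule_other" selected="false"/>
  </Group>
</Benchmark>"""


def rules_with_conflicts(root, profile_id=None):
    """Return {rule_id: [conflicting idrefs]} for rules carrying <conflicts>.

    With profile_id, only rules that profile explicitly selects are reported.
    """
    selected = None
    if profile_id is not None:
        selected = set()
        for prof in root.iter(XCCDF + "Profile"):
            if prof.get("id") == profile_id:
                for sel in prof.iter(XCCDF + "select"):
                    if sel.get("selected") in ("true", "1"):
                        selected.add(sel.get("idref"))
    found = {}
    for rule in root.iter(XCCDF + "Rule"):
        refs = [c.get("idref") for c in rule.findall(XCCDF + "conflicts")]
        if refs and (selected is None or rule.get("id") in selected):
            found[rule.get("id")] = refs
    return found


def scan_file(path, profile_id=None):
    """Parse a built XCCDF or datastream file and report rules with <conflicts>."""
    return rules_with_conflicts(ET.parse(path).getroot(), profile_id)


if __name__ == "__main__":
    for rule_id, refs in rules_with_conflicts(ET.fromstring(SAMPLE)).items():
        print(rule_id, "conflicts with", ", ".join(refs))
```

Calling `scan_file("content/build/ssg-ubuntu2404-ds.xml", "xccdf_org.ssgproject.content_profile_cis_level1_workstation")` on the build from the reproduction steps shows which selected rules carry `conflicts` before the datastream is handed to oscap.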