I'm sorry, Eduardo, but I have to disagree. oscap crashes with a core dump during audit. Even if an application installed on Ubuntu is misbehaving, the auditing tool should not crash. Have you analysed core dump? Why did oscap crash?
To give you some more context. ceph-mds is a part of Ceph, quite major building block for environments such as OpenStack or Kubernetes, that we build for customers. CIS hardening is becoming more and more requested feature. It is in our interest to make sure that the CIS hardening works well with Ceph.
This bug is a result of CIS hardening effort for one of our prominent customers. I'm subscribing field-high and once again ask you to take a look into this problem.
I'm attaching some more files from failed CIS audit on a fresh Ubuntu 22.04, with a ceph-mds package installed. Audit crashes for the following rules:
I'm sorry, Eduardo, but I have to disagree. oscap crashes with a core dump during audit. Even if an application installed on Ubuntu is misbehaving, the auditing tool should not crash. Have you analysed core dump? Why did oscap crash?
To give you some more context. ceph-mds is a part of Ceph, quite major building block for environments such as OpenStack or Kubernetes, that we build for customers. CIS hardening is becoming more and more requested feature. It is in our interest to make sure that the CIS hardening works well with Ceph.
This bug is a result of CIS hardening effort for one of our prominent customers. I'm subscribing field-high and once again ask you to take a look into this problem.
I'm attaching some more files from failed CIS audit on a fresh Ubuntu 22.04, with a ceph-mds package installed. Audit crashes for the following rules:
xccdf_org. ssgproject. content_ rule_service_ systemd- journald_ enabled ssgproject. content_ rule_service_ rsyslog_ enabled ssgproject. content_ rule_service_ ufw_enabled ssgproject. content_ rule_service_ cron_enabled ssgproject. content_ rule_postfix_ network_ listening_ disabled ssgproject. content_ rule_service_ timesyncd_ enabled
xccdf_org.
xccdf_org.
xccdf_org.
xccdf_org.
xccdf_org.
Attached please see lp2060345.tar.gz with the following files:
/var/crash/ _usr_lib_ x86_64- linux-gnu_ openscap_ probe_systemdun itdependency. 0.crash usg/usg- log-20240415. 1554.log usg/usg- results- 20240415. 1554.xml usg/usg- report- 20240415. 1554.html usg/ssg- ubuntu2204- oval.xml. result- 20240415. 1554.xml usg/ssg- ubuntu2204- cpe-oval. xml.result- 20240415. 1554.xml
/var/lib/
/var/lib/
/var/lib/
/var/lib/
/var/lib/