Ubuntu
openscap package

  1. Focal (20.04)
  2. Bug #2062389
  3. Activity log

Activity log for bug #2062389

Date Who What changed Old value New value Message
2024-04-18 15:59:11 Eduardo Barretto bug added bug
2024-04-18 15:59:27 Eduardo Barretto nominated for series Ubuntu Focal
2024-04-18 15:59:27 Eduardo Barretto bug task added openscap (Ubuntu Focal)
2024-04-18 15:59:27 Eduardo Barretto nominated for series Ubuntu Jammy
2024-04-18 15:59:27 Eduardo Barretto bug task added openscap (Ubuntu Jammy)
2024-04-18 16:05:03 Eduardo Barretto attachment added oval file for ubuntu 20.04 https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/+attachment/5767555/+files/ssg-ubuntu2004-oval.xml
2024-04-18 16:05:31 Eduardo Barretto attachment added oval file for ubuntu 22.04 https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/+attachment/5767556/+files/ssg-ubuntu2204-oval.xml
2024-04-18 16:05:50 Eduardo Barretto attachment added openscap_1.2.16-2ubuntu3.4.debdiff https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/+attachment/5767557/+files/openscap_1.2.16-2ubuntu3.4.debdiff
2024-04-18 16:06:07 Eduardo Barretto attachment added openscap_1.2.17-0.1ubuntu7.22.04.2.debdiff https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/+attachment/5767558/+files/openscap_1.2.17-0.1ubuntu7.22.04.2.debdiff
2024-04-18 16:06:38 Eduardo Barretto attachment added openscap_1.2.17-0.1ubuntu7.22.04.2.debdiff https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/+attachment/5767559/+files/openscap_1.2.17-0.1ubuntu7.22.04.2.debdiff
2024-04-18 16:09:38 Eduardo Barretto bug added subscriber Ubuntu Sponsors
2024-04-18 16:11:35 Eduardo Barretto description [ Impact ] * This issue causes a crash in openscap when there's a circular dependency in systemd services, and currently affects both Ubuntu 20.04 and 22.04. * This indirectly is affecting the usage of USG (Ubuntu Security Guide) for CIS auditing in systems with ceph-mds. See LP: #2060345. * This issue was reported to upstream here: https://bugzilla.redhat.com/show_bug.cgi?id=1478285 and later fixed in openscap upstream git repo https://github.com/OpenSCAP/openscap/pull/1474. This SRU is a backport of the mentioned pull request. [ Test Plan ] * There are a few ways to reproduce this issue, as you can see some notes on LP: #2060345. But for simplicity, the easiest way to reproduce this issue is to run the following commands. Without the patch on Ubuntu 20.04: ``` $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2004-oval.xml W: oscap: Can't receive message: 103, Software caused connection abort. W: oscap: Can't receive message: 103, Software caused connection abort. OpenSCAP Error: Probe with PID=1522 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1522 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:913] Probe with PID=1531 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1531 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_socket_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog_socket:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:913] ``` With the patch on Ubuntu 20.04: ``` $ sudo apt install libopenscap8=1.2.16-2ubuntu3.4 $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2004-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. ``` Without the patch on Ubuntu 22.04: ``` $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2204-oval.xml W: oscap: Can't receive message: 103, Software caused connection abort. W: oscap: Can't receive message: 103, Software caused connection abort. OpenSCAP Error: Probe with PID=1421 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1421 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:982] Probe with PID=1431 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1431 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_socket_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog_socket:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:982] ``` With the patch on Ubuntu 22.04: ``` $ sudo apt install libopenscap8=1.2.17-0.1ubuntu7.22.04.2 $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2204-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. ``` * The other tests we will do is to run full usg fix and audit and report if the output is as expected. [ Where problems could occur ] * This fix was never backported to version 1.2 in upstream git repo, but was applied to openscap 1.2 in RHEL-based distros, it is unclear if the backport ever created another issue with the systemdunitdependency probe. If that is the case we expect to see some other tests in usg failing, for example. [ Other Info ] * This issue affects both Ubuntu 20.04 and 22.04. [ Impact ]  * This issue causes a crash in openscap when there's a circular dependency in systemd services, and currently affects both Ubuntu 20.04 and 22.04.  * This indirectly is affecting the usage of USG (Ubuntu Security Guide) for CIS auditing in systems with ceph-mds. See LP: #2060345.  * This issue was reported to upstream here: https://bugzilla.redhat.com/show_bug.cgi?id=1478285 and later fixed in openscap upstream git repo https://github.com/OpenSCAP/openscap/pull/1474. This SRU is a backport of the mentioned pull request. [ Test Plan ]  * There are a few ways to reproduce this issue, as you can see some notes on LP: #2060345.    But for simplicity, the easiest way to reproduce this issue is to run the following commands.    Without the patch on Ubuntu 20.04: ``` $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2004-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. $ sudo apt install ceph-mds $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2004-oval.xml W: oscap: Can't receive message: 103, Software caused connection abort. W: oscap: Can't receive message: 103, Software caused connection abort. OpenSCAP Error: Probe with PID=1522 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1522 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:913] Probe with PID=1531 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1531 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_socket_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog_socket:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:913] ```   With the patch on Ubuntu 20.04: ``` $ sudo apt install libopenscap8=1.2.16-2ubuntu3.4 $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2004-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. ```    Without the patch on Ubuntu 22.04: ``` $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2204-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. $ sudo apt install ceph-mds $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2204-oval.xml W: oscap: Can't receive message: 103, Software caused connection abort. W: oscap: Can't receive message: 103, Software caused connection abort. OpenSCAP Error: Probe with PID=1421 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1421 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:982] Probe with PID=1431 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1431 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_socket_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog_socket:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:982] ```   With the patch on Ubuntu 22.04: ``` $ sudo apt install libopenscap8=1.2.17-0.1ubuntu7.22.04.2 $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2204-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. ```  * The other tests we will do is to run full usg fix and audit and report if the output is as expected. [ Where problems could occur ]  * This fix was never backported to version 1.2 in upstream git repo, but was applied to openscap 1.2 in    RHEL-based distros, it is unclear if the backport ever created another issue with the    systemdunitdependency probe. If that is the case we expect to see some other tests in usg failing,    for example. [ Other Info ]  * This issue affects both Ubuntu 20.04 and 22.04.
2024-04-18 16:14:02 Eduardo Barretto description [ Impact ]  * This issue causes a crash in openscap when there's a circular dependency in systemd services, and currently affects both Ubuntu 20.04 and 22.04.  * This indirectly is affecting the usage of USG (Ubuntu Security Guide) for CIS auditing in systems with ceph-mds. See LP: #2060345.  * This issue was reported to upstream here: https://bugzilla.redhat.com/show_bug.cgi?id=1478285 and later fixed in openscap upstream git repo https://github.com/OpenSCAP/openscap/pull/1474. This SRU is a backport of the mentioned pull request. [ Test Plan ]  * There are a few ways to reproduce this issue, as you can see some notes on LP: #2060345.    But for simplicity, the easiest way to reproduce this issue is to run the following commands.    Without the patch on Ubuntu 20.04: ``` $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2004-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. $ sudo apt install ceph-mds $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2004-oval.xml W: oscap: Can't receive message: 103, Software caused connection abort. W: oscap: Can't receive message: 103, Software caused connection abort. OpenSCAP Error: Probe with PID=1522 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1522 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:913] Probe with PID=1531 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1531 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_socket_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog_socket:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:913] ```   With the patch on Ubuntu 20.04: ``` $ sudo apt install libopenscap8=1.2.16-2ubuntu3.4 $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2004-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. ```    Without the patch on Ubuntu 22.04: ``` $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2204-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. $ sudo apt install ceph-mds $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2204-oval.xml W: oscap: Can't receive message: 103, Software caused connection abort. W: oscap: Can't receive message: 103, Software caused connection abort. OpenSCAP Error: Probe with PID=1421 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1421 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:982] Probe with PID=1431 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1431 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_socket_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog_socket:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:982] ```   With the patch on Ubuntu 22.04: ``` $ sudo apt install libopenscap8=1.2.17-0.1ubuntu7.22.04.2 $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2204-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. ```  * The other tests we will do is to run full usg fix and audit and report if the output is as expected. [ Where problems could occur ]  * This fix was never backported to version 1.2 in upstream git repo, but was applied to openscap 1.2 in    RHEL-based distros, it is unclear if the backport ever created another issue with the    systemdunitdependency probe. If that is the case we expect to see some other tests in usg failing,    for example. [ Other Info ]  * This issue affects both Ubuntu 20.04 and 22.04. [ Impact ]  * This issue causes a crash in openscap when there's a circular dependency in systemd services, and currently affects both Ubuntu 20.04 and 22.04.  * This indirectly is affecting the usage of USG (Ubuntu Security Guide) for CIS auditing in systems with ceph-mds. See LP: #2060345.  * This issue was reported to upstream here: https://bugzilla.redhat.com/show_bug.cgi?id=1478285 and later fixed in openscap upstream git repo https://github.com/OpenSCAP/openscap/pull/1474. This SRU is a backport of the mentioned pull request. [ Test Plan ]  * There are a few ways to reproduce this issue, as you can see some notes on LP: #2060345.    But for simplicity, the easiest way to reproduce this issue is to run the following commands.    On Ubuntu 20.04: ``` $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2004-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. $ sudo apt install ceph-mds $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2004-oval.xml W: oscap: Can't receive message: 103, Software caused connection abort. W: oscap: Can't receive message: 103, Software caused connection abort. OpenSCAP Error: Probe with PID=1522 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1522 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:913] Probe with PID=1531 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1531 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_socket_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog_socket:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:913] $ sudo apt install libopenscap8=1.2.16-2ubuntu3.4 $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2004-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. ```    On Ubuntu 22.04: ``` $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2204-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. $ sudo apt install ceph-mds $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2204-oval.xml W: oscap: Can't receive message: 103, Software caused connection abort. W: oscap: Can't receive message: 103, Software caused connection abort. OpenSCAP Error: Probe with PID=1421 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1421 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:982] Probe with PID=1431 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1431 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_socket_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog_socket:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:982] $ sudo apt install libopenscap8=1.2.17-0.1ubuntu7.22.04.2 $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2204-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. ```  * The other tests we will do is to run full usg fix and audit and report if the output is as expected. [ Where problems could occur ]  * This fix was never backported to version 1.2 in upstream git repo, but was applied to openscap 1.2 in    RHEL-based distros, it is unclear if the backport ever created another issue with the    systemdunitdependency probe. If that is the case we expect to see some other tests in usg failing,    for example. [ Other Info ]  * This issue affects both Ubuntu 20.04 and 22.04. * Another way to mitigate this issue would be altering systemd services to not have a circular dependency. This can get tricky and might require a lot of change.
2024-04-18 16:26:26 Eduardo Barretto attachment added openscap_1.2.16-2ubuntu3.4.debdiff https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/+attachment/5767571/+files/openscap_1.2.16-2ubuntu3.4.debdiff
2024-04-18 16:26:39 Eduardo Barretto attachment added openscap_1.2.17-0.1ubuntu7.22.04.2.debdiff https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2062389/+attachment/5767572/+files/openscap_1.2.17-0.1ubuntu7.22.04.2.debdiff
2024-04-19 00:32:47 Nobuto Murata bug added subscriber Nobuto Murata
2024-04-26 07:37:18 Eduardo Barretto nominated for series Ubuntu Noble
2024-04-26 07:37:18 Eduardo Barretto bug task added openscap (Ubuntu Noble)
2024-04-26 07:37:18 Eduardo Barretto nominated for series Ubuntu Mantic
2024-04-26 07:37:18 Eduardo Barretto bug task added openscap (Ubuntu Mantic)
2024-04-26 07:37:26 Eduardo Barretto openscap (Ubuntu Mantic): status New Fix Released
2024-04-26 07:37:30 Eduardo Barretto openscap (Ubuntu Noble): status New Fix Released
2024-04-26 07:38:22 Eduardo Barretto description [ Impact ]  * This issue causes a crash in openscap when there's a circular dependency in systemd services, and currently affects both Ubuntu 20.04 and 22.04.  * This indirectly is affecting the usage of USG (Ubuntu Security Guide) for CIS auditing in systems with ceph-mds. See LP: #2060345.  * This issue was reported to upstream here: https://bugzilla.redhat.com/show_bug.cgi?id=1478285 and later fixed in openscap upstream git repo https://github.com/OpenSCAP/openscap/pull/1474. This SRU is a backport of the mentioned pull request. [ Test Plan ]  * There are a few ways to reproduce this issue, as you can see some notes on LP: #2060345.    But for simplicity, the easiest way to reproduce this issue is to run the following commands.    On Ubuntu 20.04: ``` $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2004-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. $ sudo apt install ceph-mds $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2004-oval.xml W: oscap: Can't receive message: 103, Software caused connection abort. W: oscap: Can't receive message: 103, Software caused connection abort. OpenSCAP Error: Probe with PID=1522 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1522 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:913] Probe with PID=1531 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1531 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_socket_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog_socket:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:913] $ sudo apt install libopenscap8=1.2.16-2ubuntu3.4 $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2004-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. ```    On Ubuntu 22.04: ``` $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2204-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. $ sudo apt install ceph-mds $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2204-oval.xml W: oscap: Can't receive message: 103, Software caused connection abort. W: oscap: Can't receive message: 103, Software caused connection abort. OpenSCAP Error: Probe with PID=1421 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1421 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:982] Probe with PID=1431 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1431 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_socket_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog_socket:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:982] $ sudo apt install libopenscap8=1.2.17-0.1ubuntu7.22.04.2 $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2204-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. ```  * The other tests we will do is to run full usg fix and audit and report if the output is as expected. [ Where problems could occur ]  * This fix was never backported to version 1.2 in upstream git repo, but was applied to openscap 1.2 in    RHEL-based distros, it is unclear if the backport ever created another issue with the    systemdunitdependency probe. If that is the case we expect to see some other tests in usg failing,    for example. [ Other Info ]  * This issue affects both Ubuntu 20.04 and 22.04. * Another way to mitigate this issue would be altering systemd services to not have a circular dependency. This can get tricky and might require a lot of change. [ Impact ]  * This issue causes a crash in openscap when there's a circular dependency in systemd services, and currently affects both Ubuntu 20.04 and 22.04. openscap on Ubuntu 23.10 and 24.04 already contain this fix.  * This indirectly is affecting the usage of USG (Ubuntu Security Guide) for CIS auditing in systems with ceph-mds. See LP: #2060345.  * This issue was reported to upstream here: https://bugzilla.redhat.com/show_bug.cgi?id=1478285 and later fixed in openscap upstream git repo https://github.com/OpenSCAP/openscap/pull/1474. This SRU is a backport of the mentioned pull request. [ Test Plan ]  * There are a few ways to reproduce this issue, as you can see some notes on LP: #2060345.    But for simplicity, the easiest way to reproduce this issue is to run the following commands.    On Ubuntu 20.04: ``` $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2004-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. $ sudo apt install ceph-mds $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2004-oval.xml W: oscap: Can't receive message: 103, Software caused connection abort. W: oscap: Can't receive message: 103, Software caused connection abort. OpenSCAP Error: Probe with PID=1522 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1522 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:913] Probe with PID=1531 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1531 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_socket_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog_socket:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:913] $ sudo apt install libopenscap8=1.2.16-2ubuntu3.4 $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2004-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. ```    On Ubuntu 22.04: ``` $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2204-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. $ sudo apt install ceph-mds $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2204-oval.xml W: oscap: Can't receive message: 103, Software caused connection abort. W: oscap: Can't receive message: 103, Software caused connection abort. OpenSCAP Error: Probe with PID=1421 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1421 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:982] Probe with PID=1431 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:178] Probe with PID=1431 has core dumped. [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:182] Item corresponding to object 'oval:ssg-object_multi_user_target_for_rsyslog_socket_enabled:obj:1' from test 'oval:ssg-test_multi_user_wants_rsyslog_socket:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:982] $ sudo apt install libopenscap8=1.2.17-0.1ubuntu7.22.04.2 $ oscap oval eval --id "oval:ssg-service_rsyslog_enabled:def:1" ssg-ubuntu2204-oval.xml Definition oval:ssg-service_rsyslog_enabled:def:1: true Evaluation done. ```  * The other tests we will do is to run full usg fix and audit and report if the output is as expected. [ Where problems could occur ]  * This fix was never backported to version 1.2 in upstream git repo, but was applied to openscap 1.2 in    RHEL-based distros, it is unclear if the backport ever created another issue with the    systemdunitdependency probe. If that is the case we expect to see some other tests in usg failing,    for example. [ Other Info ]  * This issue affects both Ubuntu 20.04 and 22.04.  * Another way to mitigate this issue would be altering systemd services to not have a circular dependency. This can get tricky and might require a lot of change.
2024-04-26 12:01:19 Marc Deslauriers openscap (Ubuntu Focal): status New In Progress
2024-04-26 12:01:21 Marc Deslauriers openscap (Ubuntu Jammy): status New In Progress
2024-04-26 12:01:56 Marc Deslauriers bug added subscriber Ubuntu Stable Release Updates Team
2024-05-02 16:22:21 Andreas Hasenack openscap (Ubuntu Jammy): status In Progress Fix Committed
2024-05-02 16:22:24 Andreas Hasenack bug added subscriber SRU Verification
2024-05-02 16:22:27 Andreas Hasenack tags verification-needed verification-needed-jammy
2024-05-02 16:22:49 Andreas Hasenack removed subscriber Ubuntu Sponsors
2024-05-02 16:23:00 Andreas Hasenack openscap (Ubuntu Focal): status In Progress Fix Committed
2024-05-02 16:23:07 Andreas Hasenack tags verification-needed verification-needed-jammy verification-needed verification-needed-focal verification-needed-jammy
2024-05-08 09:59:43 Eduardo Barretto tags verification-needed verification-needed-focal verification-needed-jammy verification-done-jammy verification-needed verification-needed-focal
2024-05-08 10:41:32 Eduardo Barretto tags verification-done-jammy verification-needed verification-needed-focal verification-done-focal verification-done-jammy verification-needed