usg fails in multiple tests when auditing on fresh Jammy
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu Security Guide |
Incomplete
|
Undecided
|
Unassigned |
Bug Description
Hi,
We had a lot of issue when hardening with CIS level 1 server on Openstack hyperconverged node (with ceph).
So I tried to do the audit on clean Jammy. I also received a lot of errors (but this time not fatal) like
root@cis-test:~# usg audit --tailoring-file /root/cis-l1.xml
USG will execute the following command for auditing: oscap xccdf eval --profile xccdf_org.
...
Title Enable Randomized Layout of Virtual Address Space
Rule xccdf_org.
W: oscap: Obtrusive data from probe!
W: oscap: Obtrusive data from probe!
W: oscap: Obtrusive data from probe!
Result fail
...
Title Ensure all users last password change date is in the past
Rule xccdf_org.
W: oscap: Entity name 'value' from state (id: 'oval:ssg-
Result pass
...
This is on clean Jammy VM spawned by lxd
$ lxc launch ubuntu:22.04 cis-test --vm
I attached the tailoring file.
Could you help to figure out what is wrong with tool, why it fails in multiple place ?
I am going to fill another bug with the fatal error.
Attached full log