usg fails in multiple tests when auditing on fresh Jammy

Bug #2056775 reported by Bartosz Woronicz
Affects: Ubuntu Security Guide | Status: Incomplete | Importance: Undecided | Assigned to: Unassigned | Milestone: none

Bug Description

Hi,

We had a lot of issues when hardening with CIS level 1 server on Openstack hyperconverged node (with ceph).

So I tried to do the audit on clean Jammy. I also received a lot of errors (but this time not fatal) like

root@cis-test:~# usg audit --tailoring-file /root/cis-l1.xml
USG will execute the following command for auditing: oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_cis_level1_server_customized --cpe /usr/share/ubuntu-scap-security-guides/current/benchmarks/ssg-ubuntu2204-cpe-dictionary.xml --results /var/lib/usg/usg-results-20240311.1551.xml --tailoring-file /root/cis-l1.xml /usr/share/ubuntu-scap-security-guides/current/benchmarks/ssg-ubuntu2204-xccdf.xml
...

Title Enable Randomized Layout of Virtual Address Space
Rule xccdf_org.ssgproject.content_rule_sysctl_kernel_randomize_va_space
W: oscap: Obtrusive data from probe!
W: oscap: Obtrusive data from probe!
W: oscap: Obtrusive data from probe!
Result fail
...
Title Ensure all users last password change date is in the past
Rule xccdf_org.ssgproject.content_rule_accounts_password_last_change_is_in_past
W: oscap: Entity name 'value' from state (id: 'oval:ssg-state_accounts_password_last_change_time_diff:ste:1') not found in item (id: '1247279').
Result pass

...

This is on clean Jammy VM spawned by lxd
$ lxc launch ubuntu:22.04 cis-test --vm

I attached the tailoring file.

Could you help to figure out what is wrong with the tool, why it fails in multiple places?
I am going to file another bug with the fatal error.
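The per-rule console output quoted above mixes `W: oscap:` probe warnings with the actual `Result` line, and the second rule shows that a warning can appear on a rule that still passes. The following is an added triage helper, not code from usg or OpenSCAP: it parses that Title / Rule / W: / Result layout and separates rules that really failed from rules that only produced warnings. The sample input is constructed from the excerpt in this report.

```python
from dataclasses import dataclass, field

# Constructed sample: the per-rule excerpt quoted in the bug description.
SAMPLE_OUTPUT = """\
Title Enable Randomized Layout of Virtual Address Space
Rule xccdf_org.ssgproject.content_rule_sysctl_kernel_randomize_va_space
W: oscap: Obtrusive data from probe!
W: oscap: Obtrusive data from probe!
W: oscap: Obtrusive data from probe!
Result fail
...
Title Ensure all users last password change date is in the past
Rule xccdf_org.ssgproject.content_rule_accounts_password_last_change_is_in_past
W: oscap: Entity name 'value' from state (id: 'oval:ssg-state_accounts_password_last_change_time_diff:ste:1') not found in item (id: '1247279').
Result pass
"""

@dataclass
class RuleOutcome:
    title: str
    rule: str
    result: str = "unknown"          # oscap result: pass / fail / notapplicable / ...
    warnings: list = field(default_factory=list)

def parse_usg_audit(text):
    """Return one RuleOutcome per rule block, in the order oscap printed them."""
    outcomes = []
    current = None
    for line in text.splitlines():
        if line.startswith("Title "):
            current = RuleOutcome(title=line[6:].strip(), rule="")
            outcomes.append(current)
        elif current is None:
            continue                 # preamble such as the 'USG will execute' line
        elif line.startswith("Rule "):
            current.rule = line[5:].strip()
        elif line.startswith("W: oscap: "):
            current.warnings.append(line[len("W: oscap: "):])   # probe warning, not a result
        elif line.startswith("Result "):
            current.result = line[7:].strip()
    return outcomes

def summarize(outcomes):
    """Split real failures from rules that passed but were noisy (warnings only)."""
    failed = [o.rule for o in outcomes if o.result == "fail"]
    noisy_but_passing = [o.rule for o in outcomes if o.result == "pass" and o.warnings]
    return {"failed": failed, "noisy_but_passing": noisy_but_passing}
```

Rules listed under `failed` are the ones to re-check after remediation; entries under `noisy_but_passing` are probe warnings only and do not change the compliance result.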

Revision history for this message
Bartosz Woronicz (mastier1) wrote :
Revision history for this message
Bartosz Woronicz (mastier1) wrote :

Attached full log

Revision history for this message
Bartosz Woronicz (mastier1) wrote :

The HTML report seems ok, not info there on the issues

description: updated
description: updated
Revision history for this message
Eduardo Barretto (ebarretto) wrote :

Could you please run with --debug and upload the logs?

Changed in openscap (Ubuntu):
status: New → Incomplete
affects: openscap (Ubuntu) → usg
summary: - openscap fails in multiple tests when auditing on fresh Jammy
+ usg fails in multiple tests when auditing on fresh Jammy
Revision history for this message
Eduardo Barretto (ebarretto) wrote :

And please next time report it against usg

Revision history for this message
Bartosz Woronicz (mastier1) wrote :

I understand, I will. So it is even weirder. I created a new VM, just installed USG and dependencies, nothing else.
So same issues,

but when I add --debug flag to usg all issues magically disappear!

Logs and results attached

Revision history for this message
Eduardo Barretto (ebarretto) wrote (last edit ):

They don't disappear, stderr just is not shown on screen but is included in the .log file.

Revision history for this message
Eduardo Barretto (ebarretto) wrote :

The tarball is still missing the debug logs, please check in /var/lib/usg/

Revision history for this message
Bartosz Woronicz (mastier1) wrote :

Ah, ok, Eduardo, my bad <facepalm>
 --debug Dumps more log files into the /var/lib/usg

I attached the whole content of /var/lib/usg

Revision history for this message
Eduardo Barretto (ebarretto) wrote :

Thanks, and just to confirm, did you run the fix before?
A lot of the failures look like just that the remediation didn't take place

Revision history for this message
Bartosz Woronicz (mastier1) wrote : Re: [Bug 2056775] Re: usg fails in multiple tests when auditing on fresh Jammy

No I didn't :-) I will check once again after applying my changes

On Thu, Mar 14, 2024 at 8:05 PM Eduardo Barretto <email address hidden>
wrote:

> Thanks, and just to confirm, did you run the fix before?
> A lot of the failures look like just that the remediation didn't take place

Bartosz Woronicz

Field Engineer | Canonical

