The following Red Hat Bug Fix Advisory has been published which may affect packages you have installed on your system.
RHBA-2018:2752 scap-security-guide bug fix update
Updated scap-security-guide packages that fix several bugs are now available for Red Hat Enterprise Linux 7.
The scap-security-guide project provides a guide for configuration of the system from the final system’s security point of view. The guidance is specified in the Security Content Automation Protocol (SCAP) format and constitutes a catalog of practical hardening advice, linked to government requirements where applicable. The project bridges the gap between generalized policy requirements and specific implementation guidelines.
This update fixes the following bugs:
* Previously, the playbook for setting SELinux policy did not include the “state” parameter to the Ansible SELinux module. As a consequence, remediation playbooks generated by the oscap command failed to set the SELinux policy accordingly to the “var_selinux_policy_name” variable. With this update, the remediation playbook has been changed to use the “lineinfile” module, and it can now correctly set the SELinux policy as defined in “var_selinux_policy_name”. (BZ#1601929)
* Prior to this update, the Extensible Configuration Checklist Description Format (XCCDF) benchmark contained the octal umask value for the “/etc/login.defs” file converted to the decimal format. Consequently, Ansible remediations against Red Hat Enterprise Linux 7 incorrectly set the “accounts_umask_etc_login_defs” value. The umask value format in the XCCDF benchmark has been fixed, the umask entry now correctly passes through. (BZ#1601931)
* Previously, parts of the OpenSCAP code generating Ansible remediation playbooks contained typos in the path to the dconf database directory. As a consequence, remediation tasks failed with the “OSError: [Errno 20] Not a directory: ‘/etc/dconf/db/local/d'” error message. The typos have been fixed, and the Ansible remediation tasks by OpenSCAP-generated playbooks now succeed. (BZ#1601933)
Users of scap-security-guide are advised to upgrade to these updated packages, which fix these bugs.
Full details and references:
Issue Date: 2018-09-25