`network_nmcli_permissions` Ansible remediation is missing from RHEL-9 playbooks · Issue #13128 · ComplianceAsCode/content

Closed
comps opened this issue Mar 1, 2025 · 1 comment · Fixed by #13145
Labels
productization-issue Issue found in upstream stabilization process. RHEL Red Hat Enterprise Linux product related. RHEL9 Red Hat Enterprise Linux 9 product related.

Collaborator
comps commented Mar 1, 2025

Description of problem:

/hardening/ansible/with-gui/ism_o/network_nmcli_permissions
/hardening/ansible/with-gui/pci-dss/network_nmcli_permissions

is failing on "Server with GUI" package set when remediated via Ansible.

It took me a while to figure this out, but it seems to be because the rule's Ansible remediation is not being included in i.e. the pci-dss playbook - if I grep `rhel9-playbook-pci-dss.yml` for either of

Ensure non-privileged users do not have access to nmcli
Disable General User Access to NetworkManager

it is not there. When I build rhel8 or rhel10 content, the grep successfully finds it, so this seems rhel9-only.

SCAP Security Guide Version:

master @ 6d67ad5

Operating System Version:

RHEL-9

Steps to Reproduce:

  1. Run with --arch x86_64 --rhel 9.6 --test /hardening/ansible/with-gui/pci-dss
@jan-cerny
Collaborator

Yes, the Ansible doesn't have RHEL 9

```
# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 10,multi_platform_ol,multi_platform_rhv,multi_platform_fedora,multi_platform_almalinux
```

It probably isn't intentional, we should add `multi_platform_rhel`
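
An added example, not code from the issue or from the ComplianceAsCode build system: a small check that parses a remediation's `# platform =` header and reports RHEL major versions skipped between the lowest and highest ones listed, which is the pattern described above. The function names are hypothetical and the matching rules are a simplified assumption (an exact product name, `multi_platform_rhel`, or `multi_platform_all` selects a RHEL release).

```python
import re

# Header line as quoted in the comment above (copied from the page).
HEADER_FROM_ISSUE = (
    "# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 10,"
    "multi_platform_ol,multi_platform_rhv,multi_platform_fedora,multi_platform_almalinux"
)
# Constructed sample: a header that uses multi_platform_rhel as suggested.
HEADER_SUGGESTED = "# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora"

RHEL = "Red Hat Enterprise Linux"
PLATFORM_RE = re.compile(r"^#\s*platform\s*=\s*(.+)$", re.MULTILINE)


def parse_platforms(remediation_text):
    """Return the platform tokens from the first '# platform =' header, or []."""
    m = PLATFORM_RE.search(remediation_text)
    if not m:
        return []
    return [tok.strip() for tok in m.group(1).split(",") if tok.strip()]


def applies_to_rhel(platforms, major):
    """True if the header selects the given RHEL major (assumed matching rules)."""
    return (
        "multi_platform_all" in platforms
        or "multi_platform_rhel" in platforms
        or f"{RHEL} {major}" in platforms
    )


def rhel_version_gaps(platforms):
    """RHEL majors skipped between the lowest and highest explicitly listed ones."""
    if "multi_platform_all" in platforms or "multi_platform_rhel" in platforms:
        return []
    listed = sorted(
        int(p[len(RHEL):]) for p in platforms
        if p.startswith(RHEL + " ") and p[len(RHEL):].strip().isdigit()
    )
    if len(listed) < 2:
        return []
    return [v for v in range(listed[0], listed[-1] + 1) if v not in listed]


if __name__ == "__main__":
    for name, header in [("issue", HEADER_FROM_ISSUE), ("suggested", HEADER_SUGGESTED)]:
        plats = parse_platforms(header)
        print(name, "rhel9:", applies_to_rhel(plats, 9), "gaps:", rhel_version_gaps(plats))
```

Run over every remediation file in a checkout, a non-empty gap list flags rules that would be silently left out of one product's playbook while still present in its neighbours.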
