Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automatus grub2_enable_fips_mode/grub_cmdline_linux_correct_value.pass fails on RHEL-10 #12879

Closed
comps opened this issue Jan 22, 2025 · 0 comments · Fixed by #12899
Closed

Automatus grub2_enable_fips_mode/grub_cmdline_linux_correct_value.pass fails on RHEL-10 #12879

comps opened this issue Jan 22, 2025 · 0 comments · Fixed by #12899
Assignees
@Mab879
Labels
productization-issue Issue found in upstream stabilization process. RHEL10 Red Hat Enterprise Linux 10 product related.

Comments

@comps
Copy link
Collaborator

comps commented Jan 22, 2025

Description of problem:

The test does

##### grub2_enable_fips_mode / grub_cmdline_linux_correct_value.pass.sh #####
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o IdentityFile=/var/lib/libvirt/images/contest.sshkey [email protected] cd /root/ssgts/grub2_enable_fips_mode; SHARED=/root/ssgts/shared bash -x grub_cmdline_linux_correct_value.pass.sh
STDERR: Warning: Permanently added '192.168.120.180' (ED25519) to the list of known hosts.
+ grep -q '^GRUB_CMDLINE_LINUX=.*fips=.*"' /etc/default/grub
+ sed -i 's/\(^GRUB_CMDLINE_LINUX=".*\)"/\1 fips=1"/' /etc/default/grub

but the OVAL checks fail the overall rule (see ARF).

It's hard to say on cursory examination as the rule has a LOT of checks, but perhaps the test fails to add fips=1 to GRUB_CMDLINE_LINUX_DEFAULT which the OVAL also checks?

(Possibly something else.)

SCAP Security Guide Version:

master @ 1424df5

Operating System Version:

RHEL-10

Steps to Reproduce:

  1. Run automatus scenarios for grub2_enable_fips_mode on RHEL-10

Additional Information/Debugging Steps:
@comps comps added productization-issue Issue found in upstream stabilization process. RHEL10 Red Hat Enterprise Linux 10 product related. labels Jan 22, 2025
@Mab879 Mab879 self-assigned this Jan 24, 2025
@Mab879 Mab879 mentioned this issue Jan 24, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Mab879 Mab879

Labels
productization-issue Issue found in upstream stabilization process. RHEL10 Red Hat Enterprise Linux 10 product related.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Move to enable_fips_mode from grub2_enable_fips_mode in RHEL 10 Mab879/content
2 participants
@Mab879 @comps