
Nesus scan gives only 69% score in oracle linux 8.9 #392

Closed
bantify opened this issue Jun 30, 2024 · 3 comments
Labels: invalid (This doesn't seem right)

Comments

@bantify

bantify commented Jun 30, 2024

Question:
Nessus scan gives only 69% score in Oracle Linux 8.9

Before the upgrade of the CIS compliance audit in Nessus, the score was 77% for the same host.

Nessus Version: 10.7.4
CIS compliance version: V3.0.0
Role used: RHEL8-CIS, branch: devel (checkout date: June 30, 2024)

Environment (please complete the following information):
Oracle Linux 8.9

Ansible Version:
ansible [core 2.15.10]
Host Python Version: Python 3.6.8
Ansible Server Python Version: Python 3.9.6
Additional Details:

Disabled rule:
rhel8cis_rule_1_2_3: false

[image attachment]

Attached the PDF scan report for your reference:
webfe_IP_135.pdf

Last few lines of output:

TASK [roles/cis/RHEL8-CIS : Delete line TMOUT from /etc/bashrc] *****************************************************************************************************************************************************************
ok: [gzp-p-qv-webfe1]

TASK [roles/cis/RHEL8-CIS : Post Audit | Run post_remediation RHEL8-CIS audit] **************************************************************************************************************************************************
skipping: [gzp-p-qv-webfe1]

TASK [roles/cis/RHEL8-CIS : Post Audit | Ensure audit files readable by users] **************************************************************************************************************************************************
skipping: [gzp-p-qv-webfe1]

TASK [roles/cis/RHEL8-CIS : Post Audit | Capture data {{ post_audit_outfile }}] *************************************************************************************************************************************************
skipping: [gzp-p-qv-webfe1]

TASK [roles/cis/RHEL8-CIS : Post Audit | Capture post-audit result] *************************************************************************************************************************************************************
skipping: [gzp-p-qv-webfe1]

TASK [roles/cis/RHEL8-CIS : Post Audit | Capture data {{ post_audit_outfile }}] *************************************************************************************************************************************************
skipping: [gzp-p-qv-webfe1]

TASK [roles/cis/RHEL8-CIS : Post Audit | Capture post-audit result] *************************************************************************************************************************************************************
skipping: [gzp-p-qv-webfe1]

TASK [roles/cis/RHEL8-CIS : Show Audit Summary] *********************************************************************************************************************************************************************************
skipping: [gzp-p-qv-webfe1]

TASK [roles/cis/RHEL8-CIS : Output Warning count and control IDs affected] ******************************************************************************************************************************************************
ok: [gzp-p-qv-webfe1] => {
    "msg": "You have 7 warning(s) that require investigating that are related to the following benchmark ID(s)  [1.1.2.1.1] [1.1.2.5.1] [1.2.4] [1.5.1.6] [2.2.22] [4.5.1.2] [Reboot_required]"
}

PLAY RECAP **********************************************************************************************************************************************************************************************************************
gzp-p-qv-webfe1            : ok=316  changed=18   unreachable=0    failed=0    skipped=304  rescued=0    ignored=0   

Please help.

Regards.

@bantify bantify added the bug Something isn't working label Jun 30, 2024
@uk-bolly
Member

uk-bolly commented Jul 8, 2024

hi @bantify

We see this a lot, as you may see from other issues; scanners all work differently.
In this case, if you compare the test that the scanner is running with what CIS requires, you will see that it is often brittle and in many cases doesn't match the requirements.
Often it only searches for the filename mentioned in the remediation steps but does not run the audit steps, which allow the setting to be searched for in many places.
I am sure you will find that, for many of the controls, if you test the audit requirements it works as expected.
You may also find you are running a different version of the benchmark from the one the scanner is using?
Controls get moved and changed, given new control IDs, or even moved to other sections.

I also noticed a step that you have that is not part of our playbook

Delete line TMOUT from /etc/bashrc

If it is genuinely an issue happy to fix what is wrong.

Many thanks

uk-bolly

@uk-bolly uk-bolly self-assigned this Jul 8, 2024
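The comment above describes a mismatch between a scanner that only checks for the filename named in a remediation step and the benchmark's audit step that searches every accepted location. The shell script below is an added illustration of that gap, not code from the RHEL8-CIS role and not any scanner's plugin logic. It uses the shell-timeout (TMOUT) control because that is the setting the issue's playbook output touches. It assumes (hypothetically) that the brittle check inspects only /etc/profile.d/tmout.sh, and that the audit step inspects /etc/bashrc, /etc/profile and /etc/profile.d/*.sh and wants TMOUT set to a value of 1..900, made readonly and exported. Every function takes a root prefix so it can be run against a constructed directory tree instead of the live system.

```shell
#!/bin/sh
# Added example: "filename-only scanner check" vs. "CIS audit-style check".
# Not part of the RHEL8-CIS role or any scanner. Assumptions:
#   * the brittle check looks only at ROOT/etc/profile.d/tmout.sh (hypothetical name);
#   * the audit-style check looks at ROOT/etc/bashrc, ROOT/etc/profile and
#     ROOT/etc/profile.d/*.sh and requires TMOUT in 1..900, readonly and exported.

# Uncommented assignment of TMOUT, optionally preceded by e.g. "readonly".
TMOUT_RE='^[[:space:]]*([^#]+[[:space:]]+)?TMOUT='

# Print the files the audit step inspects under ROOT (only those that exist).
tmout_files() {
    root="$1"
    for f in "$root/etc/bashrc" "$root/etc/profile" "$root"/etc/profile.d/*.sh; do
        [ -f "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# Brittle check: passes only if the remediation's file name exists and sets TMOUT.
brittle_tmout() {
    f="$1/etc/profile.d/tmout.sh"
    [ -f "$f" ] && grep -Eq "$TMOUT_RE" "$f"
}

# Audit-style check: search every accepted location, take the last numeric
# TMOUT value assigned, and require 1..900 plus readonly and export.
audit_tmout() {
    root="$1"
    value="" ; ro=0 ; ex=0
    for f in $(tmout_files "$root"); do
        v=$(grep -E "$TMOUT_RE" "$f" | grep -Eo 'TMOUT=[0-9]+' | sed 's/^TMOUT=//' | tail -n 1)
        [ -n "$v" ] && value="$v"
        grep -Eq '^[[:space:]]*([^#]+[[:space:]]+)?readonly[[:space:]]+TMOUT' "$f" && ro=1
        grep -Eq '^[[:space:]]*([^#]+[[:space:]]+)?export[[:space:]]+([^#]+[[:space:]]+)?TMOUT' "$f" && ex=1
    done
    if [ -n "$value" ] && [ "$value" -gt 0 ] && [ "$value" -le 900 ] \
        && [ "$ro" -eq 1 ] && [ "$ex" -eq 1 ]; then
        return 0
    fi
    return 1
}

# Constructed fixture (not a real host): a root tree with an empty etc/bashrc
# and one file etc/$1 holding $2. Prints the root path.
make_root() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/profile.d"
    : > "$d/etc/bashrc"
    printf '%s\n' "$2" > "$d/etc/$1"
    printf '%s\n' "$d"
}

# Demo: a compliant host whose timeout lives in /etc/profile, and a
# non-compliant one whose only TMOUT is in the file the brittle check expects.
demo() {
    ok=$(make_root profile 'readonly TMOUT=900 ; export TMOUT')
    bad=$(make_root profile.d/tmout.sh 'TMOUT=1800')
    for r in "$ok" "$bad"; do
        brittle_tmout "$r" && b=pass || b=fail
        audit_tmout "$r"   && a=pass || a=fail
        echo "$r brittle=$b audit=$a"
    done
    rm -rf "$ok" "$bad"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Running it with the `demo` argument shows the two failure directions the comment is about: the compliant tree is reported as failing by the filename-only check because the expected file does not exist, while the tree with an out-of-range TMOUT in exactly that file is reported as passing by the filename-only check and failing by the audit-style check. Pointing the functions at `/` runs the same comparison against the live host.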
@uk-bolly
Member

hi @bantify,

Will close this issue as a problem with the scanner. Unless there is something not as expected, please feel free to reopen?

Many thanks

uk-bolly

@uk-bolly uk-bolly added invalid This doesn't seem right and removed bug Something isn't working labels Aug 13, 2024
@bantify
Author

bantify commented Aug 13, 2024

Please close. Thanks.
