[Open-scap] ntp and auditd setting issue in debian 8

Dhanushka Parakrama parakrama1282 at gmail.com
Wed Sep 5 09:42:44 UTC 2018 

Hi Matus

Please find the attached reports

On Tue, 4 Sep 2018 at 18:43, Matus Marhefka <mmarhefk at redhat.com> wrote:

> Hi Dhanushka,
>
> have you run both 'systemctl start SERVICE' and 'systemctl enable SERVICE'
> (replace SERVICE with auditd and ntp)? If yes, it might be an issue either
> in OVAL checks or in the systemdunitdependency_probe. Please run the
> following scans and send us the outputs for further analysis:
>
> *oscap xccdf eval --verbose DEVEL --profile
> xccdf_org.ssgproject.content_profile_anssi_np_nt28_high --rule
> xccdf_org.ssgproject.content_rule_service_ntp_enabled ssg-debian8-ds.xml*
> and
> *oscap xccdf eval --verbose DEVEL --profile
> xccdf_org.ssgproject.content_profile_anssi_np_nt28_high --rule
> xccdf_org.ssgproject.content_rule_service_auditd_enabled ssg-debian8-ds.xml*
>
>
> Best Regards,
> Matus Marhefka
>
> On Mon, Sep 3, 2018 at 11:59 AM, Dhanushka Parakrama <
> parakrama1282 at gmail.com> wrote:
>
>> Guys
>>
>> Any news regarding  the error
>>
>> On Wed, 29 Aug 2018 at 21:33, Dhanushka Parakrama <
>> parakrama1282 at gmail.com> wrote:
>>
>>>
>>> Hi  Team
>>>
>>> We have ran the scan for debian 8 using below command
>>>
>>> *oscap  xccdf eval   --profile
>>> xccdf_org.ssgproject.content_profile_anssi_np_nt28_high --report
>>> report.html  ssg-debian8-ds.xml*
>>>
>>> Got alerts as below ,
>>> ===============
>>>
>>> [image: image.png]
>>>
>>>
>>>
>>> To Fixed it we ran the below commands as suggested by the report
>>>
>>> *service ntp status*
>>> ● ntp.service - LSB: Start NTP daemon
>>>    Loaded: loaded (/etc/init.d/ntp)
>>>    Active: active (running) since Mon 2018-08-27 18:24:21 IST; 2 days ago
>>>    CGroup: /system.slice/ntp.service
>>>            └─473 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 112:120
>>>
>>> Aug 27 18:24:21 oscapserver ntpd[473]: Listen and drop on 0 v4wildcard
>>> 0.0.0.0 UDP 123
>>> Aug 27 18:24:21 oscapserver ntpd[473]: Listen and drop on 1 v6wildcard
>>> :: UDP 123
>>> Aug 27 18:24:21 oscapserver ntpd[473]: Listen normally on 2 lo 127.0.0.1
>>> UDP 123
>>> Aug 27 18:24:21 oscapserver ntpd[473]: Listen normally on 3 eth0
>>> 192.168.8.150 UDP 123
>>> Aug 27 18:24:21 oscapserver ntpd[473]: Listen normally on 4 lo ::1 UDP
>>> 123
>>> Aug 27 18:24:21 oscapserver ntpd[473]: peers refreshed
>>> Aug 27 18:24:21 oscapserver ntpd[473]: Listening on routing socket on fd
>>> #21 for interface updates
>>> Aug 27 18:24:21 oscapserver systemd[1]: Started LSB: Start NTP daemon.
>>> Aug 27 18:24:24 oscapserver ntpd[473]: Listen normally on 5 eth0
>>> fe80::250:56ff:fe94:6150 UDP 123
>>> Aug 27 18:24:24 oscapserver ntpd[473]: peers refreshed
>>>
>>>
>>> *service auditd status*
>>> ● auditd.service - Security Auditing Service
>>>    Loaded: loaded (/lib/systemd/system/auditd.service; enabled)
>>>    Active: active (running) since Tue 2018-08-28 14:41:28 IST; 1 day 6h
>>> ago
>>>  Main PID: 12464 (auditd)
>>>    CGroup: /system.slice/auditd.service
>>>            └─12464 /sbin/auditd -n
>>>
>>>
>>> But even after we ran the scan after fixing it  Report still shows as
>>>
>>>
>>> [image: image.png]
>>>
>>> Is there any reason for that ?
>>>
>>>
>>> Thank You
>>> Dhanushka
>>>
>>>
>>>
>> _______________________________________________
>> Open-scap-list mailing list
>> Open-scap-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/open-scap-list
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/open-scap-list/attachments/20180905/83519411/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 8661 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/open-scap-list/attachments/20180905/83519411/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 8661 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/open-scap-list/attachments/20180905/83519411/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: auditd.log
Type: text/x-log
Size: 76591 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/open-scap-list/attachments/20180905/83519411/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ntp.log
Type: text/x-log
Size: 76522 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/open-scap-list/attachments/20180905/83519411/attachment-0001.bin>

More information about the Open-scap-list mailing list