From 75dd0e76be957e5fd92c98f01f7d672b2549fd3d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?=
Date: Tue, 8 Aug 2023 15:15:21 +0200
Subject: [PATCH] Remove kernel cmdline check
The OVAL in rule enable_fips_mode contains multiple checks. One of these checks tests presence of `fips=1` in `/etc/kernel/cmdline`. Although this is useful for latest RHEL versions, this file doesn't exist on RHEL 8.6 and 9.0. This causes that the rule fails after remediation on these RHEL versions. We want the same OVAL behavior on all minor RHEL releases, therefore we will remove this test from the OVAL completely. Related to: https://github.com/ComplianceAsCode/content/pull/10897
---
.../fips/enable_fips_mode/oval/shared.xml | 15 ---------------
1 file changed, 15 deletions(-)
diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml
index 88aae7aaab9..3b50e07060e 100644
--- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml
+++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml
@@ -12,8 +12,6 @@ comment="system cryptography policy is configured"/> - {{% if "ol" in product or "rhel" in product %}}
@@ -57,19 +55,6 @@ ^(?:.*\s)?fips=1(?:\s.*)?$ - - - - - - - ^/etc/kernel/cmdline - ^(.*)$ - 1 -