Why OSCAP rule xccdf_org.ssgproject.content_rule_audit_rules_login_events fails even after applying the remediation

Solution Verified - Updated -

Issue

  • OSCAP rule xccdf_org.ssgproject.content_rule_audit_rules_login_events fails even though audit rules are configured

    # auditctl -l -k logins
-w /var/log/tallylog -p wa -k logins
-w /var/run/faillock -p wa -k logins
-w /var/log/lastlog -p wa -k logins

    # oscap xccdf eval --fetch-remote-resources --profile xccdf_org.ssgproject.content_profile_pci-dss --rule xccdf_org.ssgproject.content_rule_audit_rules_login_events /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
Downloading: https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml.bz2 ... ok
Title   Record Attempts to Alter Logon and Logout Events
Rule    xccdf_org.ssgproject.content_rule_audit_rules_login_events
Ident   CCE-27204-7
Result  fail

Environment

  • Red Hat Enterprise Linux 7.6
    • scap-security-guide-0.1.40-12.el7.noarch

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content