Update Profile to V1R6 #2
Signed-off-by: HackerShark <[email protected]>
Preliminary review on several controls. Left some comments and questions. Has this profile been run against the target? If so, can the results be posted in this PR? Also, whether in this PR or another, we should add a GitHub workflow to run the profile.
controls/SV-238196.rb
Outdated
impact 0.5 | ||
tag severity: "medium " | ||
tag gtitle: "SRG-OS-000002-GPOS-00002 " | ||
tag gid: "V-238196 " |
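Review bot: The string values on the tag severity, tag gtitle and tag gid lines each end in a space inside the quotes ("medium ", "V-238196 "). Anything that filters or matches on these tags by exact value will miss them, so strip the trailing whitespace, ideally wherever the control stubs are generated so it does not come back on the next update.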
Should the gid be updated to SV or is it correct to have V-? Also, is it fine to have spaces at the end of the tags?
controls/SV-238198.rb
Outdated
# banner_text = input('banner_text') | ||
# clean_banner = banner_text.gsub(/[\r\n\s]/, '') | ||
# gdm3_defaults_file="/etc/gdm3/greeter.dconf-defaults" | ||
# describe 'The SSHD Banner is set to the standard banner and has the correct text' do |
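Review bot: The commented-out describe title says 'The SSHD Banner is set to the standard banner' while the variable on the line above it points at /etc/gdm3/greeter.dconf-defaults, so the label and the file under test disagree. If the check is being retired, delete the commented lines rather than shipping them; if it is coming back, rename the describe to match the GDM3 greeter file and confirm that input('banner_text') is still consumed somewhere.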
Why is this commented out?
controls/SV-238210.rb
Outdated
it { should be_installed } | ||
end | ||
|
||
describe sshd_config do |
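Review bot: describe sshd_config at the end of this hunk runs unconditionally after the it { should be_installed } block, so on a target without the package the control can report the missing package and then a second set of failures from the config checks. Consider gating the sshd_config tests on the package check so the result points at one root cause.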
For another control that looks at a config file, first there is a check if config_file_exists. Is this a situation where this logic should also be encapsulated to make sure the thing it is checking exists and we don't have errors?
The resources themselves should do this and bubble up an error if the object was not found, you can check the file resource or file_reader utility to see if this is in there by default
…turns a number to better handle the logic loop. Using parse_config_file resource rather than file resource. Signed-off-by: HackerShark <[email protected]>
…ation to inputs where it made sense. Signed-off-by: HackerShark <[email protected]>
… added an inputs.yml file Signed-off-by: HackerShark <[email protected]>
Signed-off-by: GitHub <[email protected]>
…iles Signed-off-by: HackerShark <[email protected]>
Signed-off-by: Aaron Lippold <[email protected]>
…ed off pip3 ansible install Signed-off-by: Aaron Lippold <[email protected]>
…trols to better use inputs. Signed-off-by: Aaron Lippold <[email protected]>
…more controls in the container context, fixed a few control style issues, updated all thresholds for current values Signed-off-by: Aaron Lippold <[email protected]>
…s for NA conditions, small style fixes Signed-off-by: Aaron Lippold <[email protected]>
…le for containers Signed-off-by: HackerShark <[email protected]>
@@ -0,0 +1,3 @@ | |||
--- | |||
compliance.min: 48 |
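Review bot: compliance.min: 48 lets the pipeline pass with fewer than half of the checks compliant, and nothing in the file says why the floor sits there. Add a comment recording that the value tracks the current baseline and is meant to be raised, so it does not become the accepted target.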
I notice that issue #8 addresses this low value
This PR has snowballed into something unwieldy, since we did the kitchen implementation in the same branch we were doing the profile update in. However, the profile is in a better state after this update than it was before, and the new Test Kitchen pipeline is not reporting any broken tests. We should merge this into main, rebranch, and continue refining the tests. LGTM for now
Changelog
TODO Items
--
New Controls from V1R1 -> V1R6
Updates
Enhancements
Fixes