-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New Updates for Merge #5
base: main
Are you sure you want to change the base?
Conversation
Like this? |
Wait, I just noticed the domain_role variable isn't returning the version number. Is it a syntax error? @em-c-rod @HenryXiaoHX |
Any updates to push to this? |
SV-221584 is giving me trouble, I can push what I have soon |
Odd we don't seem to be getting data back from inspec ... aka from the run in Actions we are getting a lot of NULL in our |
https://github.com/mitre/google-chrome-v2r6-stig-baseline/runs/8102680830?check_suite_focus=true -- under the Run InSpec section ... our |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this profile will need to be run as Admin correct given it is looking at the registry
I think this is the expected outcome because google chrome is not hardened yet. Therefore the corresponding property, such as 'DownloadRestrictions', does not yet exist in the registry key. |
Quick question, If i install the newest version of Inspec, would it come with SAF Heimdall? |
Also, do you guys use Mattermost? |
Heimdall supports all versions of inspec but you have to install both of them yourself. |
MITRE uses Slack, Teams and use Mattermost with our cutomers but they run that and we join via accounts they provide. |
Was there anything else you guys wanted me to add to this? |
Not sure why the checks failed.... |
Is the check failing for you as well |
? |
@TSterling76 I think your latest commit where you changed the type to Numeric from String is what's causing the issue. If you look at the output from the test, you can see under the "Run InSpec" step that it says It'll probably be insightful to look at this issue from the InSpec repo: inspec/inspec#2147. Maybe there's been updates since 2017, but it seems like there isn't that nice of a possible resolution other than treating it as a String and using Maybe someone else can chime in, but the resolution I would be going for would be to see if the input I was getting from stdout was 3 or 4 block semver, and then comparing it with the appropriate string (i.e. if you see a 4 block semver, then you should compare it with 74.0.0.0 instead of 74.0.0). Maybe @aaronlippold @em-c-rod @brett-w or @HenryXiaoHX have a better possible resolution. |
Could we leave this check blank for now? If we can't find a solution. @aaronlippold |
I'm not sure why these are failing @aaronlippold @Amndeep7 |
This reverts commit 2f408bf.
This reverts commit 5548f7e.
This reverts commit a6881a4.
This reverts commit 45b86cf.
This reverts commit db1b11d.
This reverts commit fe967ea.
This reverts commit 394cd85.
…ontrol, but also place us back before there was some experimentation to resolve issues that were happening. This commit is also a test to see if making the input a four block semver would resolve the immediate problem. Signed-off-by: Amndeep Singh Mann <[email protected]>
Signed-off-by: Amndeep Singh Mann <[email protected]>
…answer worked for me: https://stackoverflow.com/a/55531855/645647 Signed-off-by: Amndeep Singh Mann <[email protected]>
That key worked on my vm, but it seems like the registry key wasn't there on the github vm. I see why @TSterling76 used the registry key that he used (https://github.com/actions/runner-images/blob/main/images/win/scripts/Installers/Install-Chrome.ps1#L52), but that's not been working either. Need to continue to do research on how github is setting all the registry keys. |
No description provided.