Skip to content
This repository has been archived by the owner on Apr 17, 2023. It is now read-only.

Deprecated tests & Adding missing tests from RHEL7 STIG v2r4 #142

Closed
wants to merge 34 commits into from

Conversation

HackerShark
Copy link

Merging in PR #114 and #113

Pulled in latest updates from Master of Simp.
Rebased depracatedTests with Simp master.
Merged updates.
Resolved all merge conflicts.
Cleaned up controls.
Made various fixes.

cpoma and others added 30 commits September 5, 2019 10:30
Merge from simp/inspec-profile-disa_stig-el7
…m the STIG. Currently the following have been removed from the Latest STIG RHEL7 V2R4

    V-71895 - The operating system must set the idle delay setting for all connection types.
    V-71981 - The operating system must prevent the installation of software, patches, service packs, device drivers, or operating system components of packages without verification of the repository metadata.
    V-72143 - The operating system must generate audit records for all successful/unsuccessful account access count events.
    V-72169 - All uses of the sudoedit command must be audited.
    V-72181 - All uses of the pt_chown command must be audited.
    V-72193 - All uses of the rmmod command must be audited
    V-72195 - All uses of the modprobe command must be audited.
    V-72215 - The system must update the virus scan program every seven days or more frequently
    V-72435 - The operating system must implement smart card logons for multifactor authentication for access to privileged accounts.
    V-78995 - The operating system must prevent a user from overriding the screensaver lock-enabled setting for the graphical user interface.
Fixed some typos.
Fixed some typos.
Fixed some typos.
Fixed some typos.
Fixed some typos.
Fixed some typos.
Fixed some typos.
Fixed some typos.
Fixed some typos.
Fixed some typos.
Fixed some typos.
Fixed some typos.
Fixed some typos.
Fixed some typos.
Fixed some typos.
Fixed some typos.
Fixed some typos.
Fixed some typos.
@trevor-vaughan
Copy link
Member

@aaronlippold Looks like we're still having an issue, do you know what might be causing this?

https://travis-ci.org/github/simp/inspec-profile-disa_stig-el7/jobs/658905934#L1472

@aaronlippold
Copy link
Member

aaronlippold commented Mar 11, 2020 via email

@trevor-vaughan
Copy link
Member

I ran the test without these updates on a different repo and didn't have any issues so I think it's something related to this change but there's not really enough to go on.

@trevor-vaughan
Copy link
Member

Oh, this is an issue with running the inspec command. Nothing has touched the JSON yet.

Copy link
Contributor

@ljkimmel ljkimmel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not just remove deprecated tests altogether? What's the likelihood someone is going to want to execute extra STIG controls that they don't have to? An ISSM is only going to care about what is in the STIG.

@trevor-vaughan
Copy link
Member

I see that inspec is now running but we're not getting a report. Can you see if there is any valid output coming from this new data set?

@trevor-vaughan
Copy link
Member

There seems to still be something wrong:

[root@el7 inspec]# inspec exec inspec_profiles/CentOS-7-disa_stig/CentOS-7-disa_stig --chef-license accept
Unable to parse inspec.yml: line 437, did not find expected key while parsing a block mapping

@trevor-vaughan
Copy link
Member

This identified a bug in simp-beaker-helpers which was not providing adequate reporting when inspec failed.

Fixed in simp/rubygem-simp-beaker-helpers#121 and will be released soon

@op-ct
Copy link
Member

op-ct commented Aug 28, 2020

For anyone tracking this PR: simp/rubygem-simp-beaker-helpers#121 was released on April 07.

However, we've recently migrated our org's Travis CI from travis-ci.org to travis-ci.com, so restarting the previous Travis PR checks to pick up the new gems won't clear the failed travis-ci.org checks (and we can't get rid of them).

As a workaround: you can push up trivial change to the PR, which will prompt all CI PR checks rerun on the new commit from scratch.

@trevor-vaughan
Copy link
Member

Closing. Maintenance has been moved to https://github.com/mitre/redhat-enterprise-linux-7-stig-baseline

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants