-
Notifications
You must be signed in to change notification settings - Fork 46
Deprecated tests & Adding missing tests from RHEL7 STIG v2r4 #142
Conversation
Merge of updates
Merge from simp/inspec-profile-disa_stig-el7
…m the STIG. Currently the following have been removed from the Latest STIG RHEL7 V2R4 V-71895 - The operating system must set the idle delay setting for all connection types. V-71981 - The operating system must prevent the installation of software, patches, service packs, device drivers, or operating system components of packages without verification of the repository metadata. V-72143 - The operating system must generate audit records for all successful/unsuccessful account access count events. V-72169 - All uses of the sudoedit command must be audited. V-72181 - All uses of the pt_chown command must be audited. V-72193 - All uses of the rmmod command must be audited V-72195 - All uses of the modprobe command must be audited. V-72215 - The system must update the virus scan program every seven days or more frequently V-72435 - The operating system must implement smart card logons for multifactor authentication for access to privileged accounts. V-78995 - The operating system must prevent a user from overriding the screensaver lock-enabled setting for the graphical user interface.
Deprecated tests
Fixed some typos.
Fixed some typos.
Fixed some typos.
Fixed some typos.
Fixed some typos.
Fixed some typos.
Fixed some typos.
Fixed some typos.
Fixed some typos.
Signed-off-by: HackerShark <[email protected]>
Fixed some typos.
Fixed some typos.
Fixed some typos.
Fixed some typos.
Fixed some typos.
Fixed some typos.
Fixed some typos.
Fixed some typos.
Fixed some typos.
Signed-off-by: HackerShark <[email protected]>
@aaronlippold Looks like we're still having an issue, do you know what might be causing this? https://travis-ci.org/github/simp/inspec-profile-disa_stig-el7/jobs/658905934#L1472 |
It looks like a parsing issue of the outcoming JSON file. The only change
they made to the JSON structure was when they added the waivers data.
…On Wed, Mar 11, 2020, 9:52 AM Trevor Vaughan ***@***.***> wrote:
@aaronlippold <https://github.com/aaronlippold> Looks like we're still
having an issue, do you know what might be causing this?
https://travis-ci.org/github/simp/inspec-profile-disa_stig-el7/jobs/658905934#L1472
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#142 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AALK42CCIVBVPIQVH2VG24TRG6JRXANCNFSM4LBLDKIQ>
.
|
I ran the test without these updates on a different repo and didn't have any issues so I think it's something related to this change but there's not really enough to go on. |
Oh, this is an issue with running the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why not just remove deprecated tests altogether? What's the likelihood someone is going to want to execute extra STIG controls that they don't have to? An ISSM is only going to care about what is in the STIG.
Signed-off-by: Aaron Lippold <[email protected]>
I see that inspec is now running but we're not getting a report. Can you see if there is any valid output coming from this new data set? |
There seems to still be something wrong:
|
This identified a bug in Fixed in simp/rubygem-simp-beaker-helpers#121 and will be released soon |
For anyone tracking this PR: simp/rubygem-simp-beaker-helpers#121 was released on April 07. However, we've recently migrated our org's Travis CI from travis-ci.org to travis-ci.com, so restarting the previous Travis PR checks to pick up the new gems won't clear the failed travis-ci.org checks (and we can't get rid of them). As a workaround: you can push up trivial change to the PR, which will prompt all CI PR checks rerun on the new commit from scratch. |
Closing. Maintenance has been moved to https://github.com/mitre/redhat-enterprise-linux-7-stig-baseline |
Merging in PR #114 and #113
Pulled in latest updates from Master of Simp.
Rebased depracatedTests with Simp master.
Merged updates.
Resolved all merge conflicts.
Cleaned up controls.
Made various fixes.