8000 Remove rules from the RHEL9 STIG profile by matejak · Pull Request #10877 · ComplianceAsCode/content · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Remove rules from the RHEL9 STIG profile #10877

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 19, 2023
Merged

Remove rules from the RHEL9 STIG profile #10877

merged 1 commit into from
Jul 19, 2023

Conversation

matejak
Copy link
Member
@matejak matejak commented Jul 19, 2023

Those rules aren't even RHEL9-compatible

The RHEL9 SSHD Crypto Policies implementation is different than the RHEL8 one, and it now has an sshd config format vs the former CLI argument format.

Unfortunately, we can't just remove prodtypes from those rules because of tailoring compatibility, so we have to pay attention not to include them again.

@matejak
Remove rules from the RHEL9 STIG profile
c9b0781 
Those rules aren't even RHEL9-compatible
@matejak matejak mentioned this pull request Jul 19, 2023
Closed
@github-actions
Copy link

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

@codeclimate
Copy link
codeclimate bot commented Jul 19, 2023

Code Climate has analyzed commit c9b0781 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 53.2% (0.0% change).

View more on Code Climate.

@Mab879 Mab879 self-assigned this Jul 19, 2023
@Mab879 Mab879 added this to the 0.1.70 milestone Jul 19, 2023
@Mab879 Mab879 added the bugfix Fixes to reported bugs. label Jul 19, 2023
Mab879
Mab879 approved these changes Jul 19, 2023
View reviewed changes
Copy link
Member
@Mab879 Mab879 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@Mab879 Mab879 merged commit aae4f2a into ComplianceAsCode:master Jul 19, 2023
@Mab879
Copy link
Member
Mab879 commented Jul 19, 2023

Unfortunately, we can't just remove prodtypes from those rules because of tailoring compatibility, so we have to pay attention not to include them again.

Is there someplace that we should document this fact?

@matejak
Copy link
Member Author
matejak commented Jul 19, 2023

A test will start failing as soon as it is included, so it's probably fine for the time being. We have to address the profile composition problem more generally, e.g. by leveraging the newly-introduced components, which decompose profiles into smaller groups of rules that can each be addressed by a single SME.

@vojtapolasek vojtapolasek mentioned this pull request Jul 28, 2023
Merged
@marcusburghardt marcusburghardt mentioned this pull request Aug 16, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mab879 Mab879 Mab879 approved these changes

Assignees

@Mab879 Mab879

Labels
bugfix Fixes to reported bugs.
Projects
None yet
Milestone
0.1.70
Development

Successfully merging this pull request may close these issues.
2 participants
@matejak @Mab879
0