Implement rpm_verify_crypto_policies #13469
Conversation
Signed-off-by: Armando Acosta <armando.acosta@oracle.com>
Signed-off-by: Armando Acosta <armando.acosta@oracle.com>
Signed-off-by: Armando Acosta <armando.acosta@oracle.com>
|
Hi @mrkanon. Thanks for your PR. I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
Change in Ansible Please consider using more suitable Ansible module than |
Signed-off-by: Armando Acosta <armando.acosta@oracle.com>
|
Change in Ansible Please consider using more suitable Ansible module than |
| # complexity = high | ||
| # disruption = medium | ||
|
|
||
| - name: "Read files with incorrect hash" |
There was a problem hiding this comment.
| - name: "Read files with incorrect hash" | |
| - name: "{{{ rule_title }}} - Read files with incorrect hash" |
| # disruption = medium | ||
|
|
||
| - name: "Read files with incorrect hash" | ||
| command: rpm -V crypto-policies |
There was a problem hiding this comment.
| command: rpm -V crypto-policies | |
| ansible.builtin.command: rpm -V crypto-policies |
| check_mode: False | ||
|
|
||
| - name: "Reinstall packages of files with incorrect hash" | ||
| command: "{{{ pkg_manager }}} reinstall -y crypto-policies" |
There was a problem hiding this comment.
| command: "{{{ pkg_manager }}} reinstall -y crypto-policies" | |
| ansible.builtin.command: "{{{ pkg_manager }}} reinstall -y crypto-policies" |
| @@ -0,0 +1,38 @@ | |||
| documentation_complete: true | |||
|
|
|||
There was a problem hiding this comment.
The double space is from us removing prodtype it is not needed.
| @@ -0,0 +1,7 @@ | |||
| # platform =multi_platform_ol | |||
There was a problem hiding this comment.
| # platform =multi_platform_ol | |
| # platform = multi_platform_ol |
| failed_when: files_with_incorrect_hash.rc > 1 | ||
| check_mode: False | ||
|
|
||
| - name: "Reinstall packages of files with incorrect hash" |
Signed-off-by: Armando Acosta <armando.acosta@oracle.com>
|
Change in Ansible Please consider using more suitable Ansible module than |
|
Code Climate has analyzed commit a533d0f and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 61.9% (0.0% change). View more on Code Climate. |
|
Is it possible to be part of v0.1.77? |
|
Hello @mrkanon , unfortunatelly this rule will not make it into the stabilization branch. As written in our documentation, stabilization branch should only receive fixes to issues which are discovered during extensive testing performed during the stabilization phase. |
Description:
Rationale:
Align OL9 STIG profile with DISA STIG OL9 V1R1