8000 Add Rules,Remediation and Tests for SLES-15-040430 by yarunachalam · Pull Request #6870 · ComplianceAsCode/content · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Add Rules,Remediation and Tests for SLES-15-040430 #6870

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
May 31, 2021
Merged

Add Rules,Remediation and Tests for SLES-15-040430 #6870

merged 4 commits into from
May 31, 2021

Conversation

yarunachalam
Copy link
Contributor

Description:

  • Add Rules,Remediation and Tests for SLES-15-040430

Rationale:

  • Add SLE15 stig to 'Disable GDM Unattended or Automatic Login'

@openshift-ci-robot openshift-ci-robot added the needs-ok-to-test Used by openshift-ci bot. label Apr 20, 2021
@openshift-ci-robot
Copy link
Collaborator

Hi @yarunachalam. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openscap-ci
Copy link
Collaborator
openscap-ci commented Apr 20, 2021
edited
Loading

Changes identified:
Rules:
 gnome_gdm_disable_unattended_automatic_login
Profiles:
 stig on sle15

Show details

Rule gnome_gdm_disable_unattended_automatic_login:
 Bash remediation is newly added.
 OVAL check is newly added.
 Ansible remediation newly added.
Profile stig on sle15:
 Rule gnome_gdm_disable_unattended_automatic_login added to stig profile.

Recommended tests to execute:
 build_product sle15
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-sle15-ds.xml gnome_gdm_disable_unattended_automatic_login
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-sle15-ds.xml gnome_gdm_disable_unattended_automatic_login
 tests/test_suite.py profile --libvirt qemu:///system test-suite-vm --datastream build/ssg-sle15-ds.xml stig

carlosmmatos
carlosmmatos suggested changes Apr 21, 2021
View reviewed changes
Copy link
Contributor
@carlosmmatos carlosmmatos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

change unattend references to unattended for completeness/readability

@yarunachalam
Copy link
Contributor Author

@carlosmmatos , I need more specific comment for unattend referernces.

@ggbecker
Copy link
Member

@carlosmmatos , I need more specific comment for unattend referernces.

He is mentioning that the word unattend should be replaced by the word unattended. I think all the files name have that wrong spelled word. So you just need to rename some files.

@carlosmmatos
Copy link
Contributor

@carlosmmatos , I need more specific comment for unattend referernces.

He is mentioning that the word unattend should be replaced by the word unattended. I think all the files name have that wrong spelled word. So you just need to rename some files.

Correct, this is basically a spelling fix request. I believe you meant to use unattended rather than unattend (which is not a word). You have instances of this in both your rule names, as well as within the code.

@yarunachalam
Copy link
Contributor Author

Rename complete.

@carlosmmatos
Copy link
Contributor

/ok-to-test

@openshift-ci-robot openshift-ci-robot added ok-to-test Used by openshift-ci bot. and removed needs-ok-to-test Used by openshift-ci bot. labels Apr 23, 2021
@yarunachalam
Fixed review comments:
92cc5f6 
Updated DISA and SRG to be product independent
Updated oval test comments to be unique.
@brett060102
Copy link

@jan-cerny The requested changes have been made. WE do see that the ci/prow/e2e-aws-ocp4-cis-node tests failed, but those failures don't seem to be related to our changes.
Any ideas?

@vojtapolasek vojtapolasek modified the milestones: 0.1.56, 0.1.57 May 6, 2021
@brett060102
Copy link

@jan-cerny @carlosmmatos Is there a reason that this has not been merged? Thanks

@vojtapolasek vojtapolasek self-assigned this May 27, 2021
@vojtapolasek
Copy link
Collaborator

Just a nitpick, see the comment. I have a question. Do you think that these config changes make sense only together or they could be applied separately?

@yarunachalam @vojtapolasek
Update linux_os/guide/system/software/gnome/gnome_login_screen/gnome_…
1cf39f4 
…gdm_disable_unattended_automatic_login/rule.yml

Co-authored-by: vojtapolasek <krecoun@gmail.com>
@vojtapolasek vojtapolasek merged commit e6d91f5 into ComplianceAsCode:master May 31, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vojtapolasek vojtapolasek vojtapolasek left review comments

@jan-cerny jan-cerny jan-cerny left review comments

@carlosmmatos carlosmmatos carlosmmatos approved these changes

Assignees

@vojtapolasek vojtapolasek

Labels
ok-to-test Used by openshift-ci bot.
Projects
None yet
Milestone
0.1.57
Development

Successfully merging this pull request may close these issues.
8 participants
@yarunachalam @openshift-ci-robot @openscap-ci @ggbecker @carlosmmatos @brett060102 @vojtapolasek @jan-cerny
0