Align securetty_root_login_console_only remediations with OVAL/rule description #11716


Contributor

@mildas mildas commented Mar 15, 2024

Description:

The rule had the wrong regex according to the rule description.
See also one of the older STIG requirements - https://www.stigviewer.com/stig/red_hat_enterprise_linux_6/2020-09-03/finding/V-217865 where for such a requirement there is grep '^vc/[0-9]' /etc/securetty

Rationale:

It seems that it causes a problem in Testing Farm hardening tests.

Review Hints:

See rule description/oval regex.


This datastream diff is auto generated by the check Compare DS/Generate Diff

bash remediation for rule 'xccdf_org.ssgproject.content_rule_securetty_root_login_console_only' differs.
--- xccdf_org.ssgproject.content_rule_securetty_root_login_console_only
+++ xccdf_org.ssgproject.content_rule_securetty_root_login_console_only
@@ -1 +1 @@
-sed -i '/^vc\//d' /etc/securetty
+sed -i '/^vc\/[0-9]/d' /etc/securetty
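
Review bot: the sed -i on the + line has no guard for a missing /etc/securetty. The @@ -1 +1 @@ header shows this single command is the whole bash remediation, so on a system where the file is absent sed exits non-zero instead of doing nothing. Consider wrapping it, for example: if [ -f /etc/securetty ]; then sed -i '/^vc\/[0-9]/d' /etc/securetty; fi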

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_securetty_root_login_console_only' differs.
--- xccdf_org.ssgproject.content_rule_securetty_root_login_console_only
+++ xccdf_org.ssgproject.content_rule_securetty_root_login_console_only
@@ -1,7 +1,7 @@
 - name: Restrict Virtual Console Root Logins
   lineinfile:
     dest: /etc/securetty
-    regexp: ^vc
+    regexp: ^vc/[0-9]
     state: absent
   tags:
   - CCE-80864-2
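
Review bot: the regexp value on the + line is left as an unquoted YAML scalar even though it now contains [ and ]. It parses as written in this block mapping, but quoting it (regexp: '^vc/[0-9]') keeps it safe if the task is later reflowed or templated, and makes it read the same as the quoted pattern in the bash remediation, which this change brings it in line with.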


🤖 A k8s content image for this PR is available at:
ghcr.io/complianceascode/k8scontent:11716
This image was built from commit: 15191aa


If you already have Compliance Operator deployed:
utils/build_ds_container.py -i ghcr.io/complianceascode/k8scontent:11716

Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and:
CONTENT_IMAGE=ghcr.io/complianceascode/k8scontent:11716 make deploy-local


codeclimate bot commented Mar 15, 2024

Code Climate has analyzed commit 15191aa and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 59.3% (0.0% change).

View more on Code Climate.

Contributor Author

mildas commented Mar 15, 2024

/packit retest-failed

@jan-cerny self-assigned this Mar 15, 2024
@jan-cerny added this to the 0.1.73 milestone Mar 15, 2024
@jan-cerny merged commit bcb090a into ComplianceAsCode:master Mar 15, 2024
44 checks passed
@Mab879 added the Bash (Bash remediation update.) label May 16, 2024