CIS Profiles for SLE12 #7434
Hi @truzzon. Thanks for your PR. I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Thank you for this contribution. I left a few notes on this PR, mostly around prodtype ordering. Also please make sure that you have cce on the rules as well.
linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml
linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml
linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml
linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml
linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml
linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml
linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml
linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml
/ok-to-test |
Hello @Mab879, thanks for your feedback. I'll fix what I can in the next few days. About the CCE reference for SLE: there are none in the NIST resources. |
Hello @Mab879, I have contacted @teacup-on-rockingchair via e-mail and asked him if he could help me out with the CCEs, since he is the only one in the recent commit history who added CCEs for SLE. In case the references are incomplete or nothing can be provided, is it still possible to merge the PR? After all, the build is working. And on my past PR, CCEs were not required at all for SLE. |
@truzzon Thanks for the update. Please rebase this PR and I will take a look again and get it merged. |
Build currently failing.
019e65e to ebef89b
Please run ./utils/fix_rules.py sort_prodtypes to fix the prodtype ordering issues.
See https://complianceascode.readthedocs.io/en/latest/manual/developer/05_tools_and_utilities.html for more information on running the utilities.
linux_os/guide/services/ntp/ntpd_configure_restrictions/rule.yml
Hello @Mab879, I fixed your findings manually. The scripts did not work for me yet:
The prerequisites fail. What do I do in these cases? |
/test e2e-aws-rhcos4-moderate |
@truzzon I have fixed a couple more as well. What OS are you using for this? I'm not able to reproduce on Fedora 34 with Python 3.9.6. |
I am working on Mint 20.2. I'll keep that tool in mind when I start to work on sle15 again. I haven't had the time to debug it today. |
Thank you @truzzon! |
Description: