Add some nftables rules to Ubuntu CIS profile #10300

Merged
merged 10 commits into from
Mar 17, 2023

dodys
Contributor

@dodys dodys commented Mar 8, 2023

Description:

  • Add the following rules to Ubuntu CIS profiles:
    • service_nftables_enabled
    • set_nftables_table
  • Also add an SCE check for set_nftables_table
  • Lastly, remove some logic from SSGCommon.cmake regarding SCE; I feel like the check for products is unnecessary.

Rationale:

  • The rules are needed for CIS on Ubuntu 22.04 and 20.04.

@dodys dodys requested a review from a team as a code owner March 8, 2023 16:54
@github-actions

github-actions bot commented Mar 8, 2023

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

@dodys dodys added Ubuntu Ubuntu product related. CIS CIS Benchmark related. labels Mar 8, 2023
@Mab879 Mab879 added the Update Rule Issues or pull requests related to Rules updates. label Mar 8, 2023
@Mab879 Mab879 added this to the 0.1.67 milestone Mar 8, 2023
@codeclimate

codeclimate bot commented Mar 13, 2023

Code Climate has analyzed commit 75effce and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 51.7% (0.0% change).

View more on Code Climate.

@dodys
Contributor Author

dodys commented Mar 14, 2023

/retest

@openshift-ci

openshift-ci bot commented Mar 14, 2023

@dodys: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
|---|---|---|---|---|
| ci/prow/e2e-aws-rhcos4-e8 | 75effce | link | true | /test e2e-aws-rhcos4-e8 |
| ci/prow/e2e-aws-rhcos4-high | 75effce | link | true | /test e2e-aws-rhcos4-high |
| ci/prow/e2e-aws-rhcos4-moderate | 75effce | link | true | /test e2e-aws-rhcos4-moderate |

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@Mab879 Mab879 self-assigned this Mar 17, 2023
Member

@Mab879 Mab879 left a comment

Thanks for the PR!

I'm waiving the CentOS Stream 8 testing due to the testing farm outage.

I'm also waiving the CODEOWNERS requirement as @dodys cannot merge his own PR.

@Mab879 Mab879 merged commit 996c06b into ComplianceAsCode:master Mar 17, 2023
Labels
CIS CIS Benchmark related. Ubuntu Ubuntu product related. Update Rule Issues or pull requests related to Rules updates.
2 participants