Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New templated rule to remove iptables-services package #10703

Merged
merged 2 commits into from
Jun 8, 2023
Merged

New templated rule to remove iptables-services package #10703

merged 2 commits into from
Jun 8, 2023

Conversation

marcusburghardt
Copy link
Member

Description:

Included a rule to remove the iptables-services package.
This new rule satisfies CIS requirements for RHEL7 and RHEL8.

Rationale:

Review Hints:

This is a templated rule, so no surprises are expected.

@marcusburghardt marcusburghardt added New Rule Issues or pull requests related to new Rules. RHEL7 Red Hat Enterprise Linux 7 product related. RHEL8 Red Hat Enterprise Linux 8 product related. CIS CIS Benchmark related. labels Jun 8, 2023
@marcusburghardt marcusburghardt added this to the 0.1.69 milestone Jun 8, 2023
@marcusburghardt marcusburghardt requested a review from a team as a code owner June 8, 2023 14:42
@github-actions
Copy link

github-actions bot commented Jun 8, 2023

Start a new ephemeral environment with changes proposed in this pull request:

rhel8 (from CTF) Environment (using Fedora as testing environment)
Open in Gitpod

Fedora Testing Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

@Mab879 Mab879 self-assigned this Jun 8, 2023
@Mab879
Copy link
Member

Mab879 commented Jun 8, 2023

Looks like you will need to rebase on the latest master, that should fix the cmakelinit issue.

@marcusburghardt
Include rule to remove iptables-services package
615b32a
@marcusburghardt
Update CIS control file for RHEL7 and RHEL8
4977145 
The CIS requirement to removed iptables-services package is now
completed for RHEL7 and RHEL8.
@marcusburghardt
Copy link
Member Author

Looks like you will need to rebase on the latest master, that should fix the cmakelinit issue.

Rebased

@codeclimate
Copy link

codeclimate bot commented Jun 8, 2023

Code Climate has analyzed commit 4977145 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 52.8% (0.0% change).

View more on Code Climate.

@Mab879
Copy link
Member

Mab879 commented Jun 8, 2023

The CS9 Automatus failure is expected as this rule is not applicable for RHEL9.

@Mab879 Mab879 merged commit 439611a into ComplianceAsCode:master Jun 8, 2023
33 of 34 checks passed
@marcusburghardt marcusburghardt deleted the rule_iptables-service branch June 9, 2023 06:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mab879 Mab879 Mab879 approved these changes

Assignees

@Mab879 Mab879

Labels
CIS CIS Benchmark related. New Rule Issues or pull requests related to new Rules. RHEL7 Red Hat Enterprise Linux 7 product related. RHEL8 Red Hat Enterprise Linux 8 product related.
Projects
None yet
Milestone
0.1.69
Development

Successfully merging this pull request may close these issues.

CIS 3.4.2.2 Ensure iptables is not enabled (Scored)
2 participants
@marcusburghardt @Mab879