Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Select new rules in RHEL 7CIS Profile #5331

Merged
merged 4 commits into from Mar 24, 2020
Merged

Select new rules in RHEL 7CIS Profile #5331

merged 4 commits into from Mar 24, 2020

Conversation

yuumasato
Copy link
Member

Description:

  • Update a few selection and references in RHEL7 CIS Profile

@yuumasato
Remove sshd_enable_x11_forwarding
c55c92f
@yuumasato
Add a few more selections to rhel7 profile
9a719c4 
- Rule for libselinux installed
- Rule for service tftp disabled
- Rule for kernel module RDS disabled
@yuumasato
Select rule for Chrony and fix rhel7 references
1aaf4f3
@yuumasato
Select rules for backup account files
54150d2 
Select rules to check permissions and owner of important backup account
files.
@yuumasato
Copy link
Member Author

@openscap-ci test this please

redhatrises
redhatrises reviewed Mar 23, 2020
View reviewed changes
rhel7/profiles/cis.profile
### 6.1.9 Ensure permissions on /etc/gshadow- are configured (Scored)
- file_owner_backup_etc_gshadow
- file_groupowner_backup_etc_gshadow
- file_permissions_backup_etc_gshadow
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@yuumasato am I reading this right? 4x the same 3 rules?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, each time it's a different file: /etc/passwd, /etc/shadow, /etc/group, /etc/gshadow.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm alleviated there was no copy-pasta error, 😄

@jan-cerny jan-cerny merged commit 26f39e7 into master Mar 24, 2020
@jan-cerny jan-cerny added this to the 0.1.50 milestone Mar 24, 2020
@jan-cerny jan-cerny self-assigned this Mar 24, 2020
@yuumasato yuumasato deleted the update_rhel7_selection branch March 24, 2020 08:17
@yuumasato yuumasato mentioned this pull request Mar 24, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@redhatrises redhatrises redhatrises left review comments

@jan-cerny jan-cerny jan-cerny left review comments

Assignees

@jan-cerny jan-cerny

Labels
None yet
Projects
None yet
Milestone
0.1.50
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@yuumasato @redhatrises @jan-cerny