Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update OL OSPP profiles #6745

Merged
merged 1 commit into from Mar 31, 2021
Merged

Update OL OSPP profiles #6745

merged 1 commit into from Mar 31, 2021

Conversation

freddieRv
Copy link
Contributor

Signed-off-by: Federico Ramirez federico.r.ramirez@oracle.com

Description:

  • Update OL8 OSPP profile to be in sync with RHEL8 one
  • Add OSPP profile for OL7 based on RHEL7 one

Rationale:

  • OL profiles effort

@freddieRv
Update OL OSPP profiles
bfd346f 
Signed-off-by: Federico Ramirez <federico.r.ramirez@oracle.com>
@openshift-ci-robot openshift-ci-robot added the needs-ok-to-test Used by openshift-ci bot. label Mar 23, 2021
@openshift-ci-robot
Copy link
Collaborator

Hi @freddieRv. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openscap-ci
Copy link
Collaborator

Changes identified:
Profiles:
 ospp on ol7
 ospp on ol8
 cui on ol8

Show details

Profile ospp on ol7:
 Newly added profile.
Profile ospp on ol8:
 Rule package_chrony_installed, sshd_use_strong_rng, configure_ssh_crypto_policy, package_rsyslog-gnutls_installed, rsyslog_remote_tls, service_kdump_disabled, package_gnutls-utils_installed, rsyslog_remote_tls_cacert, ssh_client_rekey_limit, use_pam_wheel_for_su, package_rsyslog_installed, package_audispd-plugins_installed, openssl_use_strong_entropy, ssh_client_use_strong_rng_csh, grub2_kernel_trust_cpu_rng, ssh_client_use_strong_rng_sh added to ospp profile.
 Variable var_ssh_client_rekey_limit_time=1hour, var_rekey_limit_size=1G, var_rekey_limit_time=1hour, var_ssh_client_rekey_limit_size=1G added to ospp profile.
 Rule package_pigz_removed, service_rngd_enabled, package_tuned_removed, package_iptables_installed, package_rng-tools_installed removed from ospp profile.
Profile cui on ol8:
 CUI profile extends changed OSPP profile.

Recommended tests to execute:
 build_product rhel8
 build_product ol8
 tests/test_suite.py profile --libvirt qemu:///system test-suite-vm --datastream build/ssg-ol8-ds.xml cui
 tests/test_suite.py profile --libvirt qemu:///system test-suite-vm --datastream build/ssg-ol8-ds.xml ospp
 build_product ol7
 tests/test_suite.py profile --libvirt qemu:///system test-suite-vm --datastream build/ssg-ol7-ds.xml ospp

@yuumasato yuumasato self-assigned this Mar 31, 2021
@yuumasato yuumasato added this to the 0.1.56 milestone Mar 31, 2021
yuumasato
yuumasato approved these changes Mar 31, 2021
View reviewed changes
Copy link
Member

@yuumasato yuumasato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The profile additions and rule changes look OK to me.

@yuumasato yuumasato merged commit 51f1801 into ComplianceAsCode:master Mar 31, 2021
@freddieRv freddieRv deleted the OL-OSPP-profiles-update branch June 15, 2021 21:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yuumasato yuumasato yuumasato approved these changes

Assignees

@yuumasato yuumasato

Labels
needs-ok-to-test Used by openshift-ci bot.
Projects
None yet
Milestone
0.1.56
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@freddieRv @openshift-ci-robot @openscap-ci @yuumasato