SLES-15-010250 add rule, remediation and tests. #6879
Hi @teacup-on-rockingchair. Thanks for your PR. I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
Changes identified: Rule set_password_hashing_algorithm_commonauth: Recommended tests to execute:
/ok-to-test
/retest
Thank you for this rule. Please see review comments.
Just a note, you do not need to supply Ansible remediation and OVAL check in this case, because you use a template. That is the goal of templates - no need to write remediations or checks if they have many things in common. As you can see, the pam_options template provides oval and ansible:
https://github.com/ComplianceAsCode/content/tree/master/shared/templates/pam_options
However, if you want to supply Bash remediation, you can, because the template does not provide it.
You can read more about templates here:
https://complianceascode.readthedocs.io/en/latest/manual/developer/06_contributing_with_content.html#templating
cce@sle15: CCE-85754-0 | ||
|
||
references: | ||
disa@sle15: CCI-000803 |
CCIs are product independent
disa@sle15: CCI-000803 | |
disa: CCI-000803 |
Thanks 🙇, should be ok in edeb2c5
name: pam_options | ||
vars: | ||
path: /etc/pam.d/common-auth | ||
type: password |
I suppose you want to check the auth section, not the password section.
type: password | |
type: auth |
Thanks 🙇, should be ok in edeb2c5
Thanks to @vojtapolasek for the feedback
Hello, thanks for fixes. Please could you remove the oval and ansible remediation, as it is supplied by the template?
...counts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_commonauth/rule.yml
Just that one more reference change and the PR is good to merge. Thank you.
…ng_algorithm/set_password_hashing_algorithm_commonauth/rule.yml Thx @vojtapolasek Co-authored-by: vojtapolasek <krecoun@gmail.com>
@teacup-on-rockingchair: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.
Description:
Rationale: