Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce Ol9 anssi profiles #9243

Merged
merged 3 commits into from
Jul 27, 2022
Merged

Introduce Ol9 anssi profiles #9243

merged 3 commits into from
Jul 27, 2022

Conversation

Xeicker
Copy link
Contributor

@Xeicker Xeicker commented Jul 26, 2022

Description:

  • Introduce OL9 anssi profiles, minimal, intermidiate, enhanced and high
  • Add OL9 prodtyoe to rules included in OL9 anssi profiles
  • Include OL9 in necessary jinja macros

Rationale:

  • This enhances scap-security-guide for OL9

@Xeicker
Introduce anssi profiles to ol9
f48fbd8 
Create the profiles from controls, and remove some rules which were
causing an undesired behavior. Also add ol9 prodtype where needed

Signed-off-by: Edgar Aguilar <edgar.aguilar@oracle.com>
@Xeicker
Improve ol9 anssi rules wording
b2283a2 
This includes adding ol9 to jinja macros where needed

Signed-off-by: Edgar Aguilar <edgar.aguilar@oracle.com>
@Xeicker
Include ol9 product to jinja conditionals
1dd8919 
Add ol9 to jinja so anssi profile builds as expected for this product.
Also removed an unnecesary file from a template

Signed-off-by: Edgar Aguilar <edgar.aguilar@oracle.com>
@openshift-ci openshift-ci bot added the needs-ok-to-test Used by openshift-ci bot. label Jul 26, 2022
@openshift-ci
Copy link

openshift-ci bot commented Jul 26, 2022

Hi @Xeicker. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@github-actions
Copy link

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

@codeclimate
Copy link

codeclimate bot commented Jul 26, 2022

Code Climate has analyzed commit 1dd8919 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 42.7% (0.0% change).

View more on Code Climate.

@jan-cerny jan-cerny self-assigned this Jul 27, 2022
@jan-cerny jan-cerny added this to the 0.1.64 milestone Jul 27, 2022
@jan-cerny jan-cerny added Oracle Linux Oracle Linux product related. New Profile Issues or pull requests related to new Profiles. ANSSI ANSSI Benchmark related. labels Jul 27, 2022
jan-cerny
jan-cerny approved these changes Jul 27, 2022
View reviewed changes
Copy link
Collaborator

@jan-cerny jan-cerny left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR.

Also, it's great that you removed the forgotten file shared/templates/sysctl/line_not_there.fail.sh.

@jan-cerny jan-cerny merged commit 367e2e4 into ComplianceAsCode:master Jul 27, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jan-cerny jan-cerny jan-cerny approved these changes

Assignees

@jan-cerny jan-cerny

Labels
ANSSI ANSSI Benchmark related. needs-ok-to-test Used by openshift-ci bot. New Profile Issues or pull requests related to new Profiles. Oracle Linux Oracle Linux product related.
Projects
None yet
Milestone
0.1.64
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@Xeicker @jan-cerny