-
Notifications
You must be signed in to change notification settings - Fork 671
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add profile for SUSE SAP Public Cloud Images #9571
Add profile for SUSE SAP Public Cloud Images #9571
Conversation
SUSE provides SUSE Linux Enterprise Server for SAP Applications images to public cloud providers. We found that our general (non-SAP) cloud hardened image profile was incompatible with SAP installation. The following rules in the pcs-hardening.profile - accounts_umask_etc_login_defs - accounts_umask_etc_profile - service_firewalld_enabled - sshd_disable_root_login - sshd_set_max_auth_tries Needed to be removed.
Hi @brett060102. Thanks for your PR. I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@brett060102 Have you considered that the pcs-hardening profile could extend the pcs-hardening profile and remove the rules? We do similar thing in RHEL 9 where the stig_gui profile extends the stig profile and removes from it the rule xwindows_remove_packages using exclamation mark: https://github.com/ComplianceAsCode/content/blob/master/products/rhel9/profiles/stig_gui.profile That would help if the profiles need to be kept synchronized. |
In response to code review. Instead of duplicating contents of pcs-hardening, use extend and then remove the rules we don't want.
@jan-cerny Thank you. I did not know about extend and remove until now. It is way cool and just what this change needed. |
Code Climate has analyzed commit f88cf37 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 40.7% (0.0% change). View more on Code Climate. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
great! it seems that it works!
Add profile for SUSE SAP Public Cloud Images
Description:
Rationale: