Skip to content

Add openscap lockdown #121

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Aug 12, 2015
Merged

Add openscap lockdown #121

merged 3 commits into from
Aug 12, 2015

Conversation

carbonin
Copy link
Member

@carbonin carbonin commented Aug 7, 2015

Added the Scap class which, given a list of openscap rule ids and values, will run an evaluation using a temporary profile and fix any failures.

carbonin
carbonin reviewed Aug 7, 2015
View reviewed changes
lib/linux_admin/scap.rb Outdated
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All of these lines could potentially raise an OpenSCAPError. Is it better to let the caller of lockdown handle that or should we do something different?

@carbonin
Copy link
Member Author

carbonin commented Aug 7, 2015

Looks like the tests are failing because openscap isn't installed on the travis machine. Just requiring the openscap gem needs the package to be installed. @Fryguy How can we fix that?

Both "openscap" and "scap-security-guide" would need to be installed for the actual feature to work.

@Fryguy Fryguy mentioned this pull request Aug 11, 2015
Closed
@carbonin
Added Scap class to LinuxAdmin
525fa7a 
This class will run any specified SCAP rules and run remediation for any
failed tests by altering the xml files which are provided by the
package scap-security-guide.
@carbonin carbonin force-pushed the add_openscap_lockdown branch from 91a1462 to 525fa7a Compare August 11, 2015 21:02
@miq-bot
Copy link
Member

miq-bot commented Aug 12, 2015

Checked commits carbonin@4efd3bb .. carbonin@3732531 with rubocop 0.32.1 and haml-lint 0.13.0
3 files checked, 0 offenses detected
Everything looks good. ⭐

@carbonin carbonin mentioned this pull request Aug 12, 2015
Merged
Fryguy added a commit that referenced this pull request Aug 12, 2015
@Fryguy
Merge pull request #121 from carbonin/add_openscap_lockdown
730c6b4 
Add openscap lockdown
@Fryguy Fryguy merged commit 730c6b4 into ManageIQ:master Aug 12, 2015
kbrock
kbrock reviewed Aug 12, 2015
View reviewed changes
lib/linux_admin/scap.rb
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this cleaning things up properly?

Seems odd we are using Tempfile (cool) but copying the oval_file into tempdir. Could we use tempfile for this too?

@carbonin carbonin deleted the add_openscap_lockdown branch August 14, 2015 12:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@carbonin @miq-bot @kbrock @Fryguy