Drop firewalld default zone and sshd port fixes #2328
Providing a fix for 'firewalld_sshd_port_enabled' can be very complicated and will very likely not fit to everyone's use case. And because of that we drop remediation for 'set_firewalld_sshd_port', which is causing the remediated machine to refuse all connections.
@openscap-ci test this please
I would prefer to comment these because otherwise somebody will re-add them. It's also not good to lose arguably good fixes.
I'm afraid that empty remediation might cause bad user experience.
Crap, didn't realize that. OK then. ACK
Maybe we need to introduce some kind of sample/example remediation system, this remediation would be present in source code but not used by build system during build. Would other remediations benefit from this sample/example remediation mechanism?
The proper fix for #2202 is to have a remediation for 'firewalld_sshd_port_enabled' which sets up a firewalld zone with SSH and an interface assigned to it. But providing a good fix for 'firewalld_sshd_port_enabled' can be very complicated and will very likely not fit to everyone's use case. And because of that we will drop remediation for 'set_firewalld_default_zone', which is causing the remediated machine to lock down and refuse all connections.
Existent test cases for 'firewalld_sshd_port_enabled' are kept because they are still useful to test the OVAL definition.