Own attribute namespace for os-hardening #114

Merged
merged 1 commit into from May 29, 2016

Conversation

Projects
None yet
3 participants
@joshmyers
Contributor

joshmyers commented May 13, 2016

This upstream cookbook looks good, but the attribute name spacing is
less than ideal. This is first attempt to clean this up and make this a
useable cookbook.

See: #88

PP-174 OS hardening
This upstream cookbook looks good, but the attribute name spacing is
less than ideal. This is first attempt to clean this up and make this a
useable cookbook.

See: #88
@@ -43,8 +43,6 @@ We deprecated `sysctl` version before `0.6.0`. Future versions of this cookbook
## Attributes
-* `['desktop']['enable'] = false`

This comment has been minimized.

@chris-rock

chris-rock May 29, 2016

Member

any reason why this was removed?

@chris-rock

chris-rock May 29, 2016

Member

any reason why this was removed?

@@ -88,9 +86,9 @@ We deprecated `sysctl` version before `0.6.0`. Future versions of this cookbook
* `['security']['suid_sgid']['dry_run_on_unknown'] = false`
like `remove_from_unknown` above, only that SUID/SGID bits aren't removed.
It will still search the filesystems to look for SUID/SGID bits but it will only print them in your log. This option is only ever recommended, when you first configure `remove_from_unknown` for SUID/SGID bits, so that you can see the files that are being changed and make adjustments to your `whitelist` and `blacklist`.
-* `['security']['packages']['clean'] = true`
+* `['security']['os-hardening']['packages']['clean'] = true`

This comment has been minimized.

@chris-rock

chris-rock May 29, 2016

Member

this should be ['os-hardening']['security']['packages']

@chris-rock

chris-rock May 29, 2016

Member

this should be ['os-hardening']['security']['packages']

@chris-rock

This comment has been minimized.

Show comment
Hide comment
@chris-rock

chris-rock May 29, 2016

Member

superseeds #88

Member

chris-rock commented May 29, 2016

superseeds #88

@chris-rock

This comment has been minimized.

Show comment
Hide comment
@chris-rock

chris-rock May 29, 2016

Member

Great work @joshmyers LGTM, once we fixed the highlighted issues

Member

chris-rock commented May 29, 2016

Great work @joshmyers LGTM, once we fixed the highlighted issues

@chris-rock

This comment has been minimized.

Show comment
Hide comment
@chris-rock

chris-rock May 29, 2016

Member

Highlighted issues are fixed in following PRs.

Member

chris-rock commented May 29, 2016

Highlighted issues are fixed in following PRs.

@chris-rock chris-rock merged commit 106585d into dev-sec:master May 29, 2016

1 check failed

continuous-integration/travis-ci/pr The Travis CI build could not complete due to an error
Details
@chris-rock

This comment has been minimized.

Show comment
Hide comment
@chris-rock

chris-rock May 29, 2016

Member

This will be released as part of the 2.0 version of this cookbook

Member

chris-rock commented May 29, 2016

This will be released as part of the 2.0 version of this cookbook

chris-rock added a commit that referenced this pull request May 29, 2016

rollbrettler pushed a commit to rollbrettler/chef-os-hardening that referenced this pull request Sep 16, 2016

Merge pull request #114 from atomic111/master
Use new InSpec integration tests

@artem-sidorenko artem-sidorenko changed the title from PP-174 OS hardening to Own attribute namespace for os-hardening Apr 6, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment