Add SINGLE and PROMPT parameters. #92

Merged
merged 2 commits into from Nov 24, 2015

foonix commented Oct 12, 2015

Changing settings for SINGLE and PROMPT is required for CIS 1.5.4 - 1.5.5. This PR enables these to be set and sets the recommended settings by default.

@foonix foonix closed this Oct 22, 2015

@foonix foonix reopened this Oct 22, 2015

chris-rock commented Oct 28, 2015

Great addition, @foonix! We had some troubles with the latest Travis tests. We fixed those in our latest master. Could you rebase your branch, please?

foonix commented Oct 28, 2015

Done, thanks!

@@ -21,14 +21,14 @@ SETCOLOR_WARNING="echo -en \\033[0;33m"
# terminal sequence to reset to the default color.
SETCOLOR_NORMAL="echo -en \\033[0;39m"
# Set to anything other than 'no' to allow hotkey interactive startup...
PROMPT=yes
PROMPT=<%= @prompt ? 'yes' : 'no' %>

chris-rock Nov 19, 2015

Member

You changed the default from yes to no. Is that intentional?

# Set to 'yes' to allow probing for devices with swap signatures
AUTOSWAP=no
# What ttys should gettys be started on?
ACTIVE_CONSOLES=/dev/tty[1-6]
# Set to '/sbin/sulogin' to prompt for password on single-user mode
# Set to '/sbin/sushell' otherwise
SINGLE=/sbin/sushell
SINGLE=<%= @single ? '/sbin/sulogin' : '/sbin/sushell' %>
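
Review bot: On the `SINGLE=<%= @single ? '/sbin/sulogin' : '/sbin/sushell' %>` line, an unset or nil `@single` falls through to `/sbin/sushell`, so a missing template variable silently renders the passwordless single-user shell, whereas an unset `@prompt` on the `PROMPT` line renders `no`. Both ternaries also test plain Ruby truthiness, so a string value such as 'no' or 'false' would render `yes` and `/sbin/sulogin`. Suggest documenting that both variables must be booleans, or comparing explicitly against `true`, so the rendered file is predictable in both cases.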

chris-rock Nov 19, 2015

Member

single is true by default. Can we switch to false as a default?

foonix commented Nov 20, 2015

The CIS recommendations for server hardening are to set PROMPT=no and SINGLE=/sbin/sulogin. Would you like to switch back to the OS default? It's not a problem for me but it seemed the more secure settings would be good for defaults.
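
A check for the two values named in the comment above, as an added example that is not part of the thread or the project's code. It takes the path of the init settings file as an argument (on a real host assumed to be `/etc/sysconfig/init`); the function names and the sample content are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the PR. Audits an init settings file for
# PROMPT=no and SINGLE=/sbin/sulogin (the values named in the comment above).

# Print the effective value of key $1 in file $2. The file is read as shell
# assignments, so the last uncommented assignment wins.
effective_value() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' | tr -d "\"'"
}

# Report one setting: $1 key, $2 wanted value, $3 file. Returns 1 on mismatch.
check_setting() {
    actual=$(effective_value "$1" "$3")
    if [ "$actual" = "$2" ]; then
        echo "PASS $1=$actual"
    else
        echo "FAIL $1=${actual:-<unset>} (want $2)"
        return 1
    fi
}

# Audit file $1; the return code is the number of failed settings.
audit_init() {
    failures=0
    check_setting PROMPT no "$1" || failures=$((failures + 1))
    check_setting SINGLE /sbin/sulogin "$1" || failures=$((failures + 1))
    return "$failures"
}

# Constructed sample: SINGLE is set correctly, then overridden further down.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Set to anything other than 'no' to allow hotkey interactive startup...
PROMPT=no
SINGLE=/sbin/sulogin
ACTIVE_CONSOLES=/dev/tty[1-6]
SINGLE=/sbin/sushell
EOF
audit_init "$sample" || echo "$? setting(s) need attention"
rm -f "$sample"
```

The sample fails on `SINGLE` because the later assignment overrides the earlier one, which a plain `grep` for the wanted line would miss.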

chris-rock commented Nov 20, 2015

@foonix I would like to make this a two-step approach. First, add the flexibility; second, activate it. I'd like to ensure that we change behavior with the required version bump. Does that make any sense?

foonix commented Nov 23, 2015

Thanks for the feedback. Done and done.

chris-rock commented Nov 24, 2015

@foonix Great work. Thank you very much!

chris-rock added a commit that referenced this pull request Nov 24, 2015

@chris-rock chris-rock merged commit bbd8e4a into dev-sec:master Nov 24, 2015

2 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
coverage/coveralls Coverage remained the same at 100.0%

rndmh3ro pushed a commit to dev-sec/ansible-os-hardening that referenced this pull request Dec 20, 2015

@foonix foonix deleted the foonix:sysconfig-init-parameters branch Mar 11, 2016

rollbrettler pushed a commit to rollbrettler/chef-os-hardening that referenced this pull request Sep 16, 2016
