Tune some parameters for RedHat system #82
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
artem-sidorenko
requested changes
Oct 31, 2017
There was a problem hiding this comment.
@strangeman many thanks! It looks good for me and makes totally sense. Could you please address the one suggestion?
controls/os_spec.rb
Outdated
| @@ -18,6 +18,7 @@ | |||
| # author: Patrick Muench | |||
|
|
|||
| login_defs_umask = attribute('login_defs_umask', default: '027', description: 'Default umask to set in login.defs') | |||
| login_defs_umask = attribute('login_defs_umask', default: '077', description: 'Default umask to set in login.defs') if os.redhat? | |||
There was a problem hiding this comment.
what about default: os.redhat? ? '077' : '027' instead of second line?
artem-sidorenko
added a commit
to dev-sec/chef-os-hardening
that referenced
this pull request
Oct 31, 2017
dev-sec/linux-baseline#82 Signed-off-by: Artem Sidorenko <artem@posteo.de>
|
Done. Should I resolve conflict in my branch, or you can do it directly in PR? |
|
@strangeman thank you! yes, please rebase on the latest master and repush the branch |
strangeman
force-pushed
the
redhat-tunes
branch
from
18902f0
to
a5fb285
Compare
|
@artem-sidorenko all done, sorry for the delay. |
artem-sidorenko
approved these changes
Nov 7, 2017
There was a problem hiding this comment.
@strangeman thank you!
Then, lets break the tests of all os-hardening implementations :-)
This was referenced Nov 7, 2017
artem-sidorenko
added a commit
to dev-sec/chef-os-hardening
that referenced
this pull request
Feb 7, 2018
Fedora belongs in our tests to the RH family, lets make it explicitely here, as ohai detects platform_family on fedora as 'fedora' and not 'rhel'. See dev-sec/linux-baseline#82 for reference Signed-off-by: Artem Sidorenko <artem@posteo.de>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hello. Some default parameters in RHEL and CentOS is more strict than current baseline checks, so I think we should make separate checks for them. I added links for Red Hat Enterprise Linux 6 Security Technical Implementation Guide, looks like its actual for EL 7 too.