Conversation
chris-rock
left a comment
chris-rock
left a comment
There was a problem hiding this comment.
I think that is a helpful improvement @tomhaynes
atomic111
left a comment
atomic111
left a comment
There was a problem hiding this comment.
@tomhaynes makes sense. thanks for chaning this
|
@chris-rock @atomic111 this change has broken the tests for chef-os-hardening. As we currently are not managing the audit configuration, any ideas how to handle this? (I do not have time to implement it now) Should we create an issue in the implementation repo and disable this test for now? |
|
I created dev-sec/chef-os-hardening#182 and dev-sec/chef-os-hardening#181 |
|
We could pin to released versions of the benchmark... |
|
@chris-rock Hm, okay. But this would lead to a recurrent version repining, right? |
|
yes, unfortunately. I am open to any other idea |
|
@chris-rock I do not have any other idea :\ For me personally its easier to live with a current setup (#55 would make it even better). But if somebody has a better idea, I would be also happy to hear it |
5 participants
For CIS v2.1:
4.1.1.3 Ensure audit logs are not automatically deleted:
Audit:
Run the following command and verify output matches:
max_log_file_action = keep_logs