Skip entropy tests and disable auditd tests #117
Conversation
basically just the copy&paste from chef-os-hardening
| include_controls 'linux-baseline' do | ||
| # skip entropy test, as our short living test VMs usually do not | ||
| # have enough | ||
| skip_control 'os-08' |
There was a problem hiding this comment.
Just as an alternative: I install the haveged package on all my systems to feed the random devices ... would it be possible to start this daemon also in the testing vm's?
There was a problem hiding this comment.
@mcgege should we make it for testing only? Or should it be a general part of implementations?
There was a problem hiding this comment.
Well, I think it won't harm to implement it as a general solution, but there might be other ways to solve this out there. This is just my recommendation to be compliant here ...
Could this be easily implemented for testing?
There was a problem hiding this comment.
I tried to go with haveged way: its possible, however the code isn't really two lines of code. For CentOS haveged is located within EPEL, so we need to install epel-release on RH family (and only on RH, so its an additional check) and so on. I personally would like to keep the skip_control way, as the haveged implementation is much more bigger. Is it okay for you?
basically just the copy&paste from chef-os-hardening