Ubuntu Linux 22.04 SCA Policy - Update and rework - checks 1.2 to 1.7.6 #3443
Testing results 🔴
1.3.1 🔴
Current rule:
Expected rule:
Output:
Expected True - 🔴
1.4.1 🟢
Expected False - 🟢
1.4.2 🔴
Current rule does not check if
Output:
Expected True - 🔴
1.4.3 🔵
Regarding the audit command proposed for CIS:
Only if no results are returned will the check be marked as passed.
1.5.2 🔴
Error present in check rule
1.5.3 🔴
Error present in check rule
1.5.4 🔴
CIS suggests adding suid parameter only in one of them.
CIS suggests adding hard parameter only in one of them.
Expected Failed - 🟢
1.6.1.1 🔴
Error in check rule:
Current rule:
Expected rule:
1.6.1.2 🔴
Missing check:
Expected Failed - 🟢
|
Update - 28/10/2022
|
Solved syntax and rules issues. Please review faulted checks 1.3.1-1.6.1.2 |
Testing after requested changes
Results
1.3.1 🟢
Output:
Expected Fail - 🟢
1.4.1 🟢
Expected Fail - 🟢
Changed from
to:
1.4.2 🟢
Output:
Expected Failed - 🟢
1.4.3 🟢
Expected Failed - 🟢
1.5.2 🟢
Output:
Expected Fail - 🟢
1.5.3 🔴
Bad rule
Output:
Expected Failed - 🟢
1.5.4 🔴
Users only have to have this configuration in the
Output:
Expected - 🟢
1.6.1.1 🔴
Extra whitespace in command
Output:
Expected Passed - 🟢
1.6.1.2 🟢
Expected Fail - 🟢
1.6.1.3 🔴
Rules do not check if profiles are in enforce or complain mode, only ensure they are loaded.
Output:
Expected Failed - 🟢
1.6.1.4 🔴
As in 1.6.1.3 check, we should ensure no profiles are in kill or unconfined mode too.
Output:
Expected - 🟢
1.7.2 🟢
Expected Passed - 🟢
1.7.2 🟢
Expected Failed - 🟢
1.7.3 🟢
Expected Failed - 🟢
1.7.4 🟢
Output:
Expected Passed - 🟢
1.7.5 🟢
Output:
Expected Passed - 🟢
1.7.6 🟢
Output:
Expected Passed - 🟢
Conclusion 🔴
|
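The 1.6.1.3 and 1.6.1.4 findings above ask for more than a "profiles are loaded" match. As an added example (not part of the issue thread or of the Wazuh policy), this shell function judges `apparmor_status` text by profile mode; the function name, the `enforce-only` option and both sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# check_apparmor_modes TEXT [enforce-only]   (hypothetical helper name)
# TEXT is the output of `apparmor_status`. Prints "passed" or "failed: <reason>"
# and returns 0 or 1. A missing kill/unconfined line counts as 0 profiles.
check_apparmor_modes() {
    printf '%s\n' "$1" | awk -v mode="${2:-}" '
        /^ *[0-9]+ profiles are loaded/             { loaded = $1 }
        /^ *[0-9]+ profiles are in enforce mode/    { enforce = $1 }
        /^ *[0-9]+ profiles are in complain mode/   { complain = $1 }
        /^ *[0-9]+ profiles are in kill mode/       { kill = $1 }
        /^ *[0-9]+ profiles are in unconfined mode/ { unconfined = $1 }
        END {
            if (loaded + 0 == 0)
                msg = "no profiles are loaded"
            else if (kill + unconfined > 0)
                msg = (kill + unconfined) " profiles in kill or unconfined mode"
            else if (enforce + complain != loaded + 0)
                msg = "not every loaded profile is in enforce or complain mode"
            else if (mode == "enforce-only" && complain + 0 > 0)
                msg = complain " profiles are only in complain mode"
            if (msg != "") { print "failed: " msg; exit 1 }
            print "passed"
        }'
}

# Constructed sample: every loaded profile is enforcing or complaining.
SAMPLE_COMPLIANT='apparmor module is loaded.
38 profiles are loaded.
36 profiles are in enforce mode.
   /usr/bin/man
2 profiles are in complain mode.
0 profiles are in kill mode.
0 profiles are in unconfined mode.'

# Constructed sample: a loaded-only rule would pass this, the mode check does not.
SAMPLE_LOADED_ONLY='apparmor module is loaded.
40 profiles are loaded.
36 profiles are in enforce mode.
2 profiles are in complain mode.
1 profiles are in kill mode.
1 profiles are in unconfined mode.'

printf 'compliant:   %s\n' "$(check_apparmor_modes "$SAMPLE_COMPLIANT")"
printf 'loaded only: %s\n' "$(check_apparmor_modes "$SAMPLE_LOADED_ONLY")"
```

On a live host the same function can be fed `"$(apparmor_status)"`, which normally requires root.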
Update - 31/10/2022 |
Update - 02/11/2022 |
Update 02/11/2022
|
Testing after requested changes
Checks
Multiple checks from the previous testing were not fixed 🔴
Regarding the second testing, it has been detected that multiple errors in rules were not solved:
It is suggested to fix all previously detected issues before performing full manual testing. If some of the previous suggestions do not proceed for the policy, a validation with the @wazuh/qa team is necessary.
Conclusions 🔴
No full manual testing was performed because some of the errors specified in the first testing were not solved. If any of the proposed suggestions does not proceed, it requires validation from the developer, @fabamatic, and the @wazuh/qa. For more information review the |
Update - 03/11/2022 |
Sorry about previous request. Found errors should be fixed now |
Testing after requested changes 🔴
Results
Policy misformatting - Failed to load YAML 🔴
Check 1.5.4 includes an error in formatting, making the whole policy fail:
1.5.3 🟢
Output:
Expected Failed - 🟢
1.5.4 🔴
Bad formatting
1.6.1.1 🟢
Output:
Expected Passed - 🟢
1.6.1.3 🔴
Some rules do not contain a comparator value:
Expected Passed - 🔴
1.6.1.4 🔴
Some rules do not contain a comparator value:
Expected Passed - 🔴
|
Update - 07/11/2022 |
Sorry again, somehow committed wrong format in 1.5.4. Should be fixed now |
Testing after requested changes 🟡
Results
1.5.4 🟡
Check marked as fail in case of code dump not installed in the system. Impossible to handle due to current SCA limitations.
1.6.1.3 🟢
1.6.1.4 🟢
|
Closing conclusion 👍🏼
All bugs encountered and reported have been solved in this development: (1) Error in rules and checks 🟢
|
Will review, will open issue in the wazuh/wazuh repo for better tracking. Thanks. |