Rework PR 8977 - NginX - Add new sca files for MS IIS, MongoDB 3.6, Nginx, SQL Server and SLES #11248

Merged
merged 2 commits into from
Dec 28, 2021

Contributor

@72nomada 72nomada commented Dec 8, 2021

Related PR
#8977

Description

This PR reworks the changes added in the previous #8977

The effected changes were:

  • Reordered the ID of the checks to make them continuous.
  • Fixed wrongly implemented checks.
  • Added consistency to indexation.
  • Fixed YML format.

After these changes, another iteration will be needed to add the missing checks.

SCA Checks

Syntax and semantics

  • a) ID of each policy must be contiguous.
  • b) The order and format set in Documentation must be respected.
  • c) YML must be valid to avoid errors.

Content

  • a) Compare each check with its analogue from CIS Benchmark.
  • b) Try to maintain each rule as similar as possible with the Audit section from the CIS check.
  • c) Check that the commands provide the expected output.
  • d) When a failure is discovered, check similar policies to avoid repetition of the issue.

Unit testing

  • a) Output from agent.log after the SCA scan and a raw output of the result of the checks.

Test results

Analysisd (server or local)

analysisd.debug=2

Auth daemon debug (server)

authd.debug=0

Exec daemon debug (server, local, or Unix agent)

execd.debug=0

Monitor daemon debug (server, local, or Unix agent)

monitord.debug=0

Log collector (server, local or Unix agent)

logcollector.debug=0

Integrator daemon debug (server, local or Unix agent)

integrator.debug=0

Unix agentd

agent.debug=2

Deployment

  • a) If the policy is new, it must be added to the sca.files templates.
  • b) If the OS has many supported SCA policies, a policy must be set as default policy. (as example)

@72nomada 72nomada self-assigned this Dec 8, 2021
@72nomada 72nomada marked this pull request as draft December 8, 2021 09:30
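
One way to automate item (a) of the "Syntax and semantics" checklist above, as an added example that is not part of this PR or of the Wazuh code base. It scans the `checks:` section of an SCA policy for `- id:` entries and reports gaps and duplicates; the sample policy, its IDs and the function names are constructed for illustration, and the scan is line-based, so it does not replace a YAML validity check.

```python
import re

# Constructed sample SCA policy (not taken from the PR). IDs 9002 is skipped
# and 9003 is repeated on purpose.
SAMPLE_POLICY = """\
policy:
  id: "example_policy"
  file: "example_policy.yml"
  name: "Constructed example policy"

checks:
  - id: 9000
    title: "First check"
    condition: all
    rules:
      - 'f:/etc/example.conf -> r:^setting'
  - id: 9001
    title: "Second check"
  - id: 9003
    title: "Third check"
  - id: 9003
    title: "Fourth check"
  - id: 9004
    title: "Fifth check"
"""

TOP_KEY = re.compile(r"^(\w+):")                   # top-level section, e.g. "checks:"
CHECK_ID = re.compile(r"^\s*-\s+id:\s*(\d+)\s*$")  # list item that opens a check

def check_ids(policy_text):
    """Return the check IDs in file order, ignoring the policy's own id."""
    ids, section = [], None
    for line in policy_text.splitlines():
        top = TOP_KEY.match(line)
        if top:
            section = top.group(1)
            continue
        m = CHECK_ID.match(line)
        if section == "checks" and m:
            ids.append(int(m.group(1)))
    return ids

def contiguity_problems(ids):
    """Report every ID that repeats an earlier one or breaks the +1 sequence."""
    problems, seen = [], set()
    for pos, cur in enumerate(ids):
        if cur in seen:
            problems.append(f"duplicate id {cur}")
        elif pos and cur != ids[pos - 1] + 1:
            problems.append(f"id {cur} follows {ids[pos - 1]}, expected {ids[pos - 1] + 1}")
        seen.add(cur)
    return problems
```
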
3 participants