Rework SCA Policy for CentOS Linux 7 #17624

Merged
merged 11 commits into from Sep 1, 2023

Conversation

jk-olaoluwa

@jk-olaoluwa jk-olaoluwa commented Jun 21, 2023

Component | Action type | Main Issue
SCA | Rework | #14358

Main tasks

  • Use the latest CIS benchmark PDF from https://downloads.cisecurity.org/#/ - CIS CentOS Linux 7 Benchmark v3.1.2
  • Verify ID numbers.
  • Verify texts are correct: Title, Description, Rationale and Remediation.
  • Verify Compliance: CIS, CIS_CSC.
  • Verify condition and rules:
    • To Pass.
    • To Fail.

Checks

Syntax and semantic

  • a) ID of each policy must be contiguous.
  • b) The order and format set in Documentation must be respected.
  • c) YML must be valid to avoid errors.

Content

  • a) Compare each check with its analogue from CIS Benchmark.
  • b) Try to maintain each rule as similar as possible with the Audit section from the CIS check.
  • c) Check that the commands provide the expected output.
  • d) When a failure is discovered, check similar policies to avoid repetition of the issue.

Unit testing

  • a) Output from agent.log after the SCA scan and a raw output of the result of the checks.
Tests results

Analysisd (server or local)

analysisd.debug=2

Auth daemon debug (server)

authd.debug=0

Exec daemon debug (server, local, or Unix agent)

execd.debug=0

Monitor daemon debug (server, local, or Unix agent)

monitord.debug=0

Log collector (server, local or Unix agent)

logcollector.debug=0

Integrator daemon debug (server, local or Unix agent)

integrator.debug=0

Unix agentd

agent.debug=2

Deployment

  • a) If the policy is new, it must be added to the sca.files templates.
  • b) If the OS has many supported SCA policies, a policy must be set as default policy. (as example)

@jk-olaoluwa jk-olaoluwa linked an issue Jun 21, 2023 that may be closed by this pull request
17 tasks
@jk-olaoluwa jk-olaoluwa self-assigned this Jun 21, 2023
@jk-olaoluwa jk-olaoluwa added the type/bug, type/enhancement, feed/sca and level/epic labels Jun 21, 2023
@ooniagbi ooniagbi self-requested a review September 1, 2023 11:07
@ooniagbi ooniagbi marked this pull request as ready for review September 1, 2023 11:08

@ooniagbi ooniagbi left a comment

LGTM!

@ooniagbi ooniagbi merged commit 2788062 into master Sep 1, 2023
@ooniagbi ooniagbi deleted the rework-sca-policy-for-centos-linux-7 branch September 1, 2023 11:09
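
Checks a) and c) under "Syntax and semantic", together with the field list under "Main tasks", lend themselves to a small lint run before review. The sketch below is an added example, not part of this pull request or of the project's code; the sample entry, its IDs and the helper names are constructed, and it assumes each check starts with a `- id: N` line and keeps every key on its own line.

```python
import re

# Keys every check should carry, taken from the PR's task list.
REQUIRED = ("title", "description", "rationale", "remediation",
            "compliance", "condition", "rules")
CONDITIONS = {"all", "any", "none"}

# Constructed check entry in SCA policy layout; not copied from the real policy.
CHECK = """\
  - id: {id}
    title: "Ensure mounting of cramfs filesystems is disabled."
    description: "Constructed sample text."
    rationale: "Constructed sample text."
    remediation: "Constructed sample text."
    compliance:
      - cis: ["1.1.1.1"]
    condition: all
    rules:
      - "c:modprobe -n -v cramfs -> r:install /bin/true"
"""
SAMPLE = "checks:\n" + CHECK.format(id=6000) + CHECK.format(id=6001)

def split_checks(text):
    """Return [(id, block)] for every '- id: N' entry below the 'checks:' key."""
    m = re.search(r"^checks:[ \t]*$", text, re.M)
    body = text[m.end():] if m else ""
    parts = re.split(r"^[ \t]*-[ \t]+id:[ \t]*(\d+)[ \t]*$", body, flags=re.M)
    return [(int(parts[i]), parts[i + 1]) for i in range(1, len(parts), 2)]

def lint(text):
    """Return a list of findings: ID gaps, missing keys, unknown conditions."""
    checks = split_checks(text)
    errors = [] if checks else ["no checks found"]
    ids = [cid for cid, _ in checks]
    for prev, cur in zip(ids, ids[1:]):
        if cur != prev + 1:
            errors.append(f"id {cur} follows {prev}: not contiguous")
    for cid, block in checks:
        keys = set(re.findall(r"^[ \t]+(\w+):", block, re.M))
        errors += [f"check {cid}: missing '{k}'" for k in REQUIRED if k not in keys]
        m = re.search(r"^[ \t]+condition:[ \t]*(\w+)", block, re.M)
        if m and m.group(1) not in CONDITIONS:
            errors.append(f"check {cid}: unknown condition '{m.group(1)}'")
    return errors

if __name__ == "__main__":
    print(lint(SAMPLE) or "policy sample is clean")
```

This only covers structure; comparing each rule with the Audit section of the benchmark and confirming command output remain manual steps.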