Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OPENSCAP-5464: Use more fine granular audit rules for E8 and ISM profiles in RHEL #13149

Merged
merged 5 commits into from
Mar 11, 2025
Merged

OPENSCAP-5464: Use more fine granular audit rules for E8 and ISM profiles in RHEL #13149

merged 5 commits into from
Mar 11, 2025

Conversation

ggbecker
Copy link
Member

@ggbecker ggbecker commented Mar 6, 2025

Description:

  • Use more fine granular audit rules for E8 and ISM profiles in RHEL

Rationale:

  • These fine granular rules contain Ansible remediation which makes the content more complete.

Fixes #13125

ggbecker added 4 commits March 6, 2025 15:25
@ggbecker
Update RHEL E8/ISM_O profiles to use fine granular audit rules.
1365853 
Instead of audit_rules_usergroup_modification use
  audit_rules_usergroup_modification_group
  audit_rules_usergroup_modification_gshadow
  audit_rules_usergroup_modification_opasswd
  audit_rules_usergroup_modification_passwd
  audit_rules_usergroup_modification_shadow
@ggbecker
Use fine granular rules for audit_rules_unsuccessful_file_modification
355cf6d 
In RHEL10 ISM_O control file since the original rule doesn't have
ansible remediation.
@ggbecker
Use fine granular rules for audit rules login events.
40545ce
@ggbecker
Update stable profile test data.
023e6d2
@ggbecker ggbecker added the bugfix Fixes to reported bugs. label Mar 6, 2025
@ggbecker ggbecker added this to the 0.1.77 milestone Mar 6, 2025
@ggbecker ggbecker requested a review from a team as a code owner March 6, 2025 15:47
@ggbecker
Copy link
Member Author

ggbecker commented Mar 7, 2025

/packit retest-failed

1 similar comment
@ggbecker
Copy link
Member Author

/packit retest-failed

@jan-cerny jan-cerny self-assigned this Mar 10, 2025
@jan-cerny
Copy link
Collaborator

/packit retest-failed

jan-cerny
jan-cerny requested changes Mar 10, 2025
View reviewed changes
products/rhel9/profiles/e8.profile
@@ -107,7 +107,6 @@ selections:
- audit_rules_login_events_tallylog
- audit_rules_login_events_faillock
- audit_rules_login_events_lastlog
- audit_rules_login_events
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add the removed rules to the RHEL 9 default profile so that they will be kept in the built RHEL 9 data stream.

@ggbecker ggbecker requested a review from jan-cerny March 10, 2025 15:29
jan-cerny
jan-cerny requested changes Mar 10, 2025
View reviewed changes
products/rhel9/profiles/default.profile
@@ -574,3 +574,4 @@ selections:
- file_permissions_etc_audit_rulesd
- configure_openssl_tls_crypto_policy
- configure_openssl_crypto_policy
- audit_rules_login_events
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add also the other removed rules (audit_rules_usergroup_modification and audit_rules_unsuccessful_file_modification) to prevent their removal from RHEL 9 data stream.

@codeclimate CodeClimate
Copy link

codeclimate bot commented Mar 10, 2025

Code Climate has analyzed commit e7cb339 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 62.0% (0.0% change).

View more on Code Climate.

@jan-cerny jan-cerny merged commit 19d56a0 into ComplianceAsCode:master Mar 11, 2025
111 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jan-cerny jan-cerny

Assignees

@jan-cerny jan-cerny

Labels
bugfix Fixes to reported bugs.
Projects
None yet
Milestone
0.1.77
Development

Successfully merging this pull request may close these issues.

Some audit_rules_* are missing Ansible remediation
2 participants
@ggbecker @jan-cerny