Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Review CIS RHEL8 v3.0.0 Section 3 #11469

Merged
merged 36 commits into from
Jan 26, 2024
Merged

Review CIS RHEL8 v3.0.0 Section 3 #11469

merged 36 commits into from
Jan 26, 2024

Conversation

Mab879
Copy link
Member

@Mab879 Mab879 commented Jan 24, 2024

Description:

Review the cis_rhel8.yml control file and update section 3 networking in alignment to CIS RHEL 8 v3.0.0.

Rationale:

Keep RHEL 8 profiles updated with CIS RHEL 8 last version.

@Mab879 Mab879 added Update Profile Issues or pull requests related to Profiles updates. RHEL8 Red Hat Enterprise Linux 8 product related. CIS CIS Benchmark related. labels Jan 24, 2024
@Mab879 Mab879 requested a review from a team as a code owner January 24, 2024 16:18
@github-actions GitHub Actions
Copy link

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

@marcusburghardt marcusburghardt self-assigned this Jan 25, 2024
marcusburghardt
marcusburghardt requested changes Jan 25, 2024
View reviewed changes
Copy link
Member

@marcusburghardt marcusburghardt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the update @Mab879 . I have some minor comments about titles and some considerations about references.

controls/cis_rhel8.yml Outdated Show resolved Hide resolved
controls/cis_rhel8.yml Outdated Show resolved Hide resolved
controls/cis_rhel8.yml Outdated Show resolved Hide resolved
controls/cis_rhel8.yml
- l1_workstation
status: automated
rules:
- set_firewalld_default_zone
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should remove the cis@rhel8 references on these rules no longer mentioned in the control file.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Already removed

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unfortunately I can still see cis@rhel8: references in rule no longer mentioned in control file.
Basically are rules removed by this commit 8f140f6

We can try to clean-up this after, but doing it now would be good.

controls/cis_rhel8.yml Outdated Show resolved Hide resolved
controls/cis_rhel8.yml Show resolved Hide resolved
controls/cis_rhel8.yml Outdated Show resolved Hide resolved
controls/cis_rhel8.yml Outdated Show resolved Hide resolved
controls/cis_rhel8.yml Show resolved Hide resolved
@marcusburghardt marcusburghardt added this to the 0.1.72 milestone Jan 25, 2024
marcusburghardt
marcusburghardt requested changes Jan 25, 2024
View reviewed changes
controls/cis_rhel8.yml Outdated Show resolved Hide resolved
controls/cis_rhel8.yml Outdated Show resolved Hide resolved
controls/cis_rhel8.yml Outdated Show resolved Hide resolved
controls/cis_rhel8.yml Show resolved Hide resolved
controls/cis_rhel8.yml Outdated Show resolved Hide resolved
controls/cis_rhel8.yml Show resolved Hide resolved
controls/cis_rhel8.yml Show resolved Hide resolved
marcusburghardt
marcusburghardt requested changes Jan 25, 2024
View reviewed changes
Copy link
Member

@marcusburghardt marcusburghardt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is almost ready except for few more issues related to references. They could even be fixed in another smaller PR without problem, but unfortunately the profile stability test is also failing so we can't merge it.

linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml Outdated Show resolved Hide resolved
@openshift-merge-robot openshift-merge-robot added the needs-rebase Used by openshift-ci bot. label Jan 25, 2024
Mab879 added 19 commits January 25, 2024 16:52
Mab879 added 17 commits January 25, 2024 16:52
@Mab879
Update section 3.4.1.2 RHEL 8 CIS
da4ef35
@Mab879
Update section 3.4.2.1 RHEL 8 CIS
fe49f34
@Mab879
Update section 3.4.2.2 RHEL 8 CIS
29bcbaa
@Mab879
Update section 3.4.2.3 RHEL 8 CIS
55f0de5
@Mab879
Update section 3.4.2.4 RHEL 8 CIS
a64b147
@Mab879
Update section 3.4.2.5 RHEL 8 CIS
a35b987
@Mab879
Remove unused section 3 controls for RHEL 8 CIS
aade751
@Mab879
Update rule file references for RHEL 8 CIS
474a6fd
@Mab879
Add rules to Ensure host based firewall loopback traffic is configure…
4773fbe 
…d for RHEL 8 CIS

Closes ComplianceAsCode#5246
@Mab879
Adjust title for 3.3.10 RHEL 8 CIS
00f4dda
@Mab879
Adjust title for 3.4.2.4 RHEL 8 CIS
00e09a9
@Mab879
Update RHEL 8 CIS 3.1.3
160da5f
@Mab879
Update RHEL 8 CIS Section 3 based on reviewer comments
3f0745f
@Mab879
Remove CIS@rhel8 reference from set_firewalld_default_zone
f138fb7
@Mab879
Add missing CCE to rules
c12ea21
@Mab879
Fix more review issues on CIS RHEL 8 section 3
e7b6987
@Mab879
Update RHEL 8 PCI DSS stability
908eb8a
@Mab879 Mab879 force-pushed the rhel_8_cis_section_3 branch from 34cb367 to 908eb8a Compare January 25, 2024 22:55
@openshift-merge-robot openshift-merge-robot removed the needs-rebase Used by openshift-ci bot. label Jan 25, 2024
@codeclimate CodeClimate
Copy link

codeclimate bot commented Jan 25, 2024

Code Climate has analyzed commit 908eb8a and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 58.5% (0.0% change).

View more on Code Climate.

marcusburghardt
marcusburghardt approved these changes Jan 26, 2024
View reviewed changes
Copy link
Member

@marcusburghardt marcusburghardt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great. Thanks @Mab879

@marcusburghardt marcusburghardt merged commit 8f3f429 into ComplianceAsCode:master Jan 26, 2024
41 of 43 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marcusburghardt marcusburghardt marcusburghardt approved these changes

Assignees

@marcusburghardt marcusburghardt

Labels
CIS CIS Benchmark related. RHEL8 Red Hat Enterprise Linux 8 product related. Update Profile Issues or pull requests related to Profiles updates.
Projects
None yet
Milestone
0.1.72
Development

Successfully merging this pull request may close these issues.
3 participants
@Mab879 @marcusburghardt @openshift-merge-robot