Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sync rules for RHEL 9 STIG #9788

Merged
merged 39 commits into from
Dec 1, 2022
Merged

Sync rules for RHEL 9 STIG #9788

merged 39 commits into from
Dec 1, 2022

Conversation

Mab879
Copy link
Member

@Mab879 Mab879 commented Nov 8, 2022
edited
Loading

Description:

This pull request brings in the latest RHEL 9 STIG process changes.

Rationale:

Sync the latest RHEL 9 STIG to the repo.

Review Hints:

The output (which is attached) from the utils/srg_diff.py script will not be perfect. The rules that are missing (on both sides) are by design. We will have minor differences due to the need for rules like dconf_db_up_to_date for technical reasons. Some rules are combined in the STIG but are separate on our side. This is true in the audit and cron permission rules. Most of the rules under "Missing in Target" need to remove in later revisions when working with the compliance body.
srg_diff.html.txt

@Mab879 Mab879 added RHEL9 Red Hat Enterprise Linux 9 product related. Update Profile Issues or pull requests related to Profiles updates. STIG STIG Benchmark related. labels Nov 8, 2022
@github-actions
Copy link

github-actions bot commented Nov 8, 2022

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Used by openshift-ci bot. label Nov 8, 2022
@openshift-ci
Copy link

openshift-ci bot commented Nov 8, 2022

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@Mab879 Mab879 force-pushed the sync_rules_to_rhel_9_stig branch 2 times, most recently from 5046c2f to 64f5123 Compare November 15, 2022 22:25
@Mab879
Copy link
Member Author

Mab879 commented Nov 16, 2022

It's looking like some of my changes have bugged out CTF. I assume that is due to my whitespace-only changes.

@Mab879 Mab879 marked this pull request as ready for review November 16, 2022 17:58
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Used by openshift-ci bot. label Nov 16, 2022
@Mab879 Mab879 added this to the 0.1.66 milestone Nov 22, 2022
@Mab879
Copy link
Member Author

Mab879 commented Nov 30, 2022

/retest

Mab879 added 17 commits November 30, 2022 10:25
@Mab879
Sync rules for RHEL 9 STIG
19298b3
@Mab879
Remove configure_kerberos_crypto_policy from the RHEL 9 STIG
cf954b4
@Mab879
Update cron file permissions rules from RHEL 9 STIG
5c0f57e
@Mab879
Update service rules for RHEL 9 STIG
12ad712
@Mab879
Package and service rule update for RHEL 9
12e49b6
@Mab879
Update SSHD rules for RHEL 9 STIG
8bd4574
@Mab879
Update GPG rules for RHEL 9 STIG
14c50df
@Mab879
Update postfix rules for RHEL 9 STIG
c76a6f1
@Mab879
Update GNOME rules for RHEL 9 STIG
4fd3756
@Mab879
Update NFS rules for RHEL 9 STIG
2c71196
@Mab879
Update package rules for RHEL 9 STIG
eac6b75
@Mab879
Update important file ownership for RHEL 9 STIG
136bb37
@Mab879
Update networking sysctl for RHEL 9 STIG
b146b7d
@Mab879
Update audit rules for RHEL 9 STIG
68dcf84
@Mab879
Update USB guard rules for RHEL 9 STIG
defd14e
@Mab879
Audit and auditd config rules for RHEL 9 STIG
f78cefa
@Mab879
Tmux rules for RHEL 9 STIG
799fded
Mab879 added 18 commits November 30, 2022 10:25
@Mab879
Update system restrictions rules for RHEL 9 STIG
1883e1e
@Mab879
Update accounts restrictions rules for RHEL 9 STIG
5403d1c
@Mab879
Upadate crypto rules for RHEL 9 STIG
1680da4
@Mab879
Update file permission rules RHEL 9 STIG
14f63a7
@Mab879
Update lockout rules for RHEL 9 STIG
1840c98
@Mab879
Update GRUB 2 rules for RHEL 9 STIG
4d83ea2
@Mab879
Update password quality rules for RHEL 9 STIG
85e1a3e
@Mab879
Update accounts physical rules for RHEL 9 STIG
b2334f1
@Mab879
Update OS is updated or RHEL 9 STIG
85f54a6
@Mab879
Update TFTP rule for RHEL 9 STIG
703e32a
@Mab879
Update some auth rules for RHEL 9 STIG
4f8778b
@Mab879
Update account session rules for RHEL 9 STIG
2eff81f
@Mab879
Update partition rules for RHEL 9 STIG
13def49
@Mab879
Update chronyd_server_directive for the RHEL 9 STIG
ca5af22
@Mab879
Update audit and logging rules for RHEL 9 STIG
5343db0
@Mab879
Update kernel_module_can_disabled for RHEL 9 STIG
e01d3af
@Mab879
Whitespace update
56b7308 
This commit cleans up white errors around the project.
@Mab879
Fix build bug
50bf3bc
@Mab879 Mab879 force-pushed the sync_rules_to_rhel_9_stig branch from 7237679 to 50bf3bc Compare November 30, 2022 16:25
@openshift-ci
Copy link

openshift-ci bot commented Nov 30, 2022

@Mab879: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-aws-rhcos4-high 78a01cc link true /test e2e-aws-rhcos4-high

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@codeclimate
Copy link

codeclimate bot commented Nov 30, 2022

Code Climate has analyzed commit 78a01cc and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 48.6% (0.0% change).

View more on Code Climate.

@Mab879 Mab879 mentioned this pull request Nov 30, 2022
Merged
@Mab879
Copy link
Member Author

Mab879 commented Nov 30, 2022

The CTF issues should be fixed by: ComplianceAsCode/content-test-filtering#37

@mildas
Copy link
Contributor

mildas commented Dec 1, 2022

CTF fix has been merged. Re-running all Automatus related checks

@matejak
Copy link
Member

matejak commented Dec 1, 2022

Merging, as it is not the final RHEL9 STIG related content, and the PR touches the non-functional metadata files only.

@matejak matejak merged commit b18974c into ComplianceAsCode:master Dec 1, 2022
@Mab879 Mab879 deleted the sync_rules_to_rhel_9_stig branch December 2, 2022 20:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matejak matejak matejak approved these changes

Assignees
No one assigned
Labels
RHEL9 Red Hat Enterprise Linux 9 product related. STIG STIG Benchmark related. Update Profile Issues or pull requests related to Profiles updates.
Projects
None yet
Milestone
0.1.66
Development

Successfully merging this pull request may close these issues.
3 participants
@Mab879 @mildas @matejak