Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OL7 stig v2r10 update #10125

Merged
merged 5 commits into from
Jan 25, 2023
Merged

OL7 stig v2r10 update #10125

merged 5 commits into from
Jan 25, 2023

Conversation

freddieRv
Copy link
Contributor

Description:

  • Bump OL7 stig profile version to v2r10
  • Update the XCCDF manual reference
  • Add rules sysctl_kernel_dmesg_restric and package_screen_installed to OL7 sitg profile
  • Update the audit failure mode for OL7 from panic to printk
  • Followed RHEL's approach from PR Change sshd_disable_compression applicability #10072 and introduced the ol7_older_than_7_4 applicability CPE and added it to the sshd_disable_compression rule

Rationale:

  • OL7 STIG efforts

@freddieRv
OL7 STIG v2r10 update
180e55b 
Bump version on both stig and stig_gui OL7 profiles to
v2r10

Update the XCCDF manual reference

Add rule package_screen_installed to OL7 stig profile

Signed-off-by: Federico Ramirez <federico.r.ramirez@oracle.com>
@freddieRv
Add sysctl_kernel_dmesg_restric rule to OL7 stig
9065a9e 
Signed-off-by: Federico Ramirez <federico.r.ramirez@oracle.com>
@freddieRv
Update audit failure mode for OL7
d8909cd 
Select the printk (1) value for the var_audit_failure_mode var for OL7.

Using the panic (2) value results in the system being shut down
when there is an audit failure. This meassure is too harsh and will
impact the system's availability.

Signed-off-by: Federico Ramirez <federico.r.ramirez@oracle.com>
@freddieRv
Introduce CPE for OL7 older than 7.4
a1167ca 
Signed-off-by: Federico Ramirez <federico.r.ramirez@oracle.com>
@freddieRv
Update sshd_disable_compression applicability
af36153 
Makes the rule sshd_disable_compression not applicable
for OL 7.4 and newer.

This makes the rule in sync with OL7 DISA STIG v2r10
requirement OL07-00-040470

Signed-off-by: Federico Ramirez <federico.r.ramirez@oracle.com>
@freddieRv freddieRv requested a review from a team as a code owner January 25, 2023 17:32
@github-actions
Copy link

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

@Mab879 Mab879 added this to the 0.1.67 milestone Jan 25, 2023
@Mab879 Mab879 added Oracle Linux Oracle Linux product related. Update Rule Issues or pull requests related to Rules updates. Update Profile Issues or pull requests related to Profiles updates. STIG STIG Benchmark related. labels Jan 25, 2023
@codeclimate
Copy link

codeclimate bot commented Jan 25, 2023

Code Climate has analyzed commit af36153 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 49.7%.

View more on Code Climate.

@Mab879 Mab879 self-assigned this Jan 25, 2023
@Mab879
Copy link
Member

Mab879 commented Jan 25, 2023

/packit retest-failed

@Mab879
Copy link
Member

Mab879 commented Jan 25, 2023

/retest

Mab879
Mab879 approved these changes Jan 25, 2023
View reviewed changes
Copy link
Member

@Mab879 Mab879 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR!

@Mab879
Copy link
Member

Mab879 commented Jan 25, 2023

I am overriding the CODEOWNERS file as @freddieRv can not merge this PR.

@Mab879 Mab879 merged commit e25b543 into ComplianceAsCode:master Jan 25, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mab879 Mab879 Mab879 approved these changes

Assignees

@Mab879 Mab879

Labels
Oracle Linux Oracle Linux product related. STIG STIG Benchmark related. Update Profile Issues or pull requests related to Profiles updates. Update Rule Issues or pull requests related to Rules updates.
Projects
None yet
Milestone
0.1.67
Development

Successfully merging this pull request may close these issues.
2 participants
@freddieRv @Mab879