update rule sles-15-040250 #10492
update rule sles-15-040250 #10492
Conversation
|
Hi @svet-se. Thanks for your PR. I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
Start a new ephemeral environment with changes proposed in this pull request: rhel8 (from CTF) Environment (using Fedora as testing environment) Fedora Testing Environment Oracle Linux 8 Environment |
|
This datastream diff is auto generated by the check Click here to see the full diffbash remediation for rule 'xccdf_org.ssgproject.content_rule_file_permissions_sshd_private_key' differs.
--- xccdf_org.ssgproject.content_rule_file_permissions_sshd_private_key
+++ xccdf_org.ssgproject.content_rule_file_permissions_sshd_private_key
@@ -4,7 +4,9 @@
for keyfile in /etc/ssh/*_key; do
test -f "$keyfile" || continue
if test root:root = "$(stat -c "%U:%G" "$keyfile")"; then
+
chmod u-xs,g-xwrs,o-xwrt "$keyfile"
+
elif test root:ssh_keys = "$(stat -c "%U:%G" "$keyfile")"; then
chmod u-xs,g-xws,o-xwrt "$keyfile"
else
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_file_permissions_sshd_private_key' differs.
--- xccdf_org.ssgproject.content_rule_file_permissions_sshd_private_key
+++ xccdf_org.ssgproject.content_rule_file_permissions_sshd_private_key
@@ -1,6 +1,6 @@
- name: Find root:root-owned keys
- command: find -H /etc/ssh/ -maxdepth 1 -user root -regex ".*_key$" -type f -group
- root -perm /u+xs,g+xwrs,o+xwrt
+ ansible.builtin.command: find -H /etc/ssh/ -maxdepth 1 -user root -regex ".*_key$"
+ -type f -group root -perm /u+xs,g+xwrs,o+xwrt
register: root_owned_keys
changed_when: false
failed_when: false
@@ -24,7 +24,7 @@
- no_reboot_needed
- name: Set permissions for root:root-owned keys
- file:
+ ansible.builtin.file:
path: '{{ item }}'
mode: u-xs,g-xwrs,o-xwrt
state: file
@@ -49,8 +49,8 @@
- no_reboot_needed
- name: Find root:ssh_keys-owned keys
- command: find -H /etc/ssh/ -maxdepth 1 -user root -regex ".*_key$" -type f -group
- ssh_keys -perm /u+xs,g+xws,o+xwrt
+ ansible.builtin.command: find -H /etc/ssh/ -maxdepth 1 -user root -regex ".*_key$"
+ -type f -group ssh_keys -perm /u+xs,g+xws,o+xwrt
register: dedicated_group_owned_keys
changed_when: false
failed_when: false
@@ -74,7 +74,7 @@
- no_reboot_needed
- name: Set permissions for root:ssh_keys-owned keys
- file:
+ ansible.builtin.file:
path: '{{ item }}'
mode: u-xs,g-xws,o-xwrt
state: file |
svet-se
force-pushed
the
update-rule-sles-15-040250
branch
2 times, most recently
from
23985a9
to
d917240
Compare
|
@svet-se could you rebase this PR with the current master, please? This should solve the failed CI tests. |
svet-se
force-pushed
the
update-rule-sles-15-040250
branch
from
d917240
to
c60d1b4
Compare
|
hey @marcusburghardt Thanks for the advice, I've rebased to master. Have a nice day! |
linux_os/guide/services/ssh/file_permissions_sshd_private_key/ansible/shared.yml
Outdated
Show resolved
Hide resolved
linux_os/guide/services/ssh/file_permissions_sshd_private_key/ansible/shared.yml
Outdated
Show resolved
Hide resolved
svet-se
force-pushed
the
update-rule-sles-15-040250
branch
from
c60d1b4
to
7618409
Compare
|
Code Climate has analyzed commit 7618409 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 52.4% (0.0% change). View more on Code Climate. |
|
I see Automatus tests were not applicable: This PR is what most likely is causing: Because now we don't override https://github.com/ComplianceAsCode/content/pull/10453/files Update1: I think it's the new rules introduced in: #10552 that are causing the issue. |
jan-cerny
added
the
Update Rule
Description:
Rationale: