Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New rules to complete CIS requirements for SSH Keys #10552

Merged
merged 9 commits into from
May 11, 2023
Merged

New rules to complete CIS requirements for SSH Keys #10552

merged 9 commits into from
May 11, 2023

Commits on May 11, 2023

  1. Introduce file_ownership_sshd_private_key rule

    @marcusburghardt
    marcusburghardt committed May 11, 2023
    Configuration menu
    Copy the full SHA
    55a4341 View commit details
    Browse the repository at this point in the history

  2. Remove unnecessary blank lines in templates 

    The Bash and Ansible remediation generated by the file_owner and
file_groupowner templates were including many unnecessary blank lines at
the beginning of the resulted remediations due to the way the jinja2
lines were declared. It was fixed to remove the unnecessary spaces at
the beginning.
    @marcusburghardt
    marcusburghardt committed May 11, 2023
    Configuration menu
    Copy the full SHA
    89dc9cc View commit details
    Browse the repository at this point in the history

  3. Include id attribute to dedicated_ssh_keyowner 

    The id attribute was included by product so new templated rules using
the file_groupowner template can use this attribute more flexibly.
    @marcusburghardt
    marcusburghardt committed May 11, 2023
    Configuration menu
    Copy the full SHA
    68e0205 View commit details
    Browse the repository at this point in the history

  4. Introduce file_groupownership_sshd_private_key rule

    @marcusburghardt
    marcusburghardt committed May 11, 2023
    Configuration menu
    Copy the full SHA
    c6d3d3c View commit details
    Browse the repository at this point in the history

  5. Update CIS control files for RHEL 

    The requirement 5.3.2 for RHEL7 and 5.2.2 for RHEL8 and RHEL9 were
updated to automated after the inclusion of new rules related to owner
and group-owner of ssh private keys.
    @marcusburghardt
    marcusburghardt committed May 11, 2023
    Configuration menu
    Copy the full SHA
    03e23cb View commit details
    Browse the repository at this point in the history

  6. Introduce file_ownership_sshd_pub_key rule

    @marcusburghardt
    marcusburghardt committed May 11, 2023
    Configuration menu
    Copy the full SHA
    26caabf View commit details
    Browse the repository at this point in the history

  7. Introduce file_groupownership_sshd_pub_key rule

    @marcusburghardt
    marcusburghardt committed May 11, 2023
    Configuration menu
    Copy the full SHA
    67c6661 View commit details
    Browse the repository at this point in the history

  8. Update CIS control files for RHEL 

    The requirement 5.3.3 for RHEL7 and 5.2.3 for RHEL8 and RHEL9 were
updated to automated after the inclusion of new rules related to owner
and group-owner of ssh public keys.
    @marcusburghardt
    marcusburghardt committed May 11, 2023
    Configuration menu
    Copy the full SHA
    aa559cb View commit details
    Browse the repository at this point in the history

  9. Include missing CIS reference for RHEL7

    @marcusburghardt
    marcusburghardt committed May 11, 2023
    Configuration menu
    Copy the full SHA
    791d47c View commit details
    Browse the repository at this point in the history