Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix multiple STIG id table generation #11016

Merged
merged 9 commits into from
Aug 23, 2023
Merged

Fix multiple STIG id table generation #11016

merged 9 commits into from
Aug 23, 2023

Conversation

ggbecker
Copy link
Member

Description:

  • Fix multiple STIG id table generation

Rationale:

Review Hints:

  • build RHEL8 content and inspect the table build/tables/table-rhel8-stig.html
  • rules that have multiple STIG ids assigned should appear more than once in the table

@ggbecker
Update the STIG overlay creation to support multiple STIG ids per rule.
9ae90fb
@ggbecker
Assign RHEL8 STIG id to service_rngd_enabled.
373d95c
@ggbecker
Assign RHEL-08-020028 to account_password_selinux_faillock_dir.
673a7cb 
Despite this STIG id is only applicable to RHEL<8.2. The rule does both
configurations that are applicable to RHEL<8.2 and RHEL>=8.2. So it
makes sense to keep both STIG ids here.
@ggbecker
Restrict accounts_passwords_pam_faillock_deny_root to RHEL>=8.2.
0dfb1a8 
https://stigaview.com/products/rhel8/v1r11/RHEL-08-020023
@ggbecker
Restrict accounts_passwords_pam_faillock_audit to RHEL>=8.2.
961bee7 
https://stigaview.com/products/rhel8/v1r11/RHEL-08-020021
@ggbecker
Assign more STIG ids to accounts_passwords_pam_faillock_dir.
103d48f 
This rule accounts covers both STIG ids assigned. The remediation
apparently only fixes el>=8.2 but the check accounts for password-auth
and faillock.conf files.
@ggbecker
Assign RHEL-08-020018 to accounts_passwords_pam_faillock_silent.
d4f1603 
This STIG id is also covered by this rule and there is no need to
restrict the platform since it covers both scenarios for el<8.2 and
el>=8.2.
@ggbecker
Assign RHEL-08-020014 to accounts_passwords_pam_faillock_unlock_time.
14ffcf0 
This rule covers both scenarios for el<8.2 and el>=8.2.
@ggbecker
Assign RHEL-08-020332 to no_empty_passwords.
c18174a 
This rule covers both scenarios for password-auth and system-auth file.
@ggbecker ggbecker added RHEL8 Red Hat Enterprise Linux 8 product related. STIG STIG Benchmark related. labels Aug 23, 2023
@ggbecker ggbecker added this to the 0.1.70 milestone Aug 23, 2023
@github-actions
Copy link

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

@codeclimate
Copy link

codeclimate bot commented Aug 23, 2023

Code Climate has analyzed commit c18174a and detected 1 issue on this pull request.

Here's the issue category breakdown:

Category Count
Complexity 1

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 53.3% (0.0% change).

View more on Code Climate.

@vojtapolasek vojtapolasek self-assigned this Aug 23, 2023
vojtapolasek
vojtapolasek approved these changes Aug 23, 2023
View reviewed changes
Copy link
Collaborator

@vojtapolasek vojtapolasek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello and thank you @ggbecker . I went through all rules and changes seem to be appropriate.
I checked the output table and it seems that it now works as expected based on the PR description.
The code climate warning is valid, but I don't think it falls into scope of this PR.
The Rawhide Automatus is currently broken.
Merging.

@vojtapolasek vojtapolasek merged commit 0d33ef3 into ComplianceAsCode:master Aug 23, 2023
33 of 34 checks passed
@Mab879 Mab879 added the Infrastructure Our content build system label Oct 12, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vojtapolasek vojtapolasek vojtapolasek approved these changes

Assignees

@vojtapolasek vojtapolasek

Labels
Infrastructure Our content build system RHEL8 Red Hat Enterprise Linux 8 product related. STIG STIG Benchmark related.
Projects
None yet
Milestone
0.1.70
Development

Successfully merging this pull request may close these issues.
3 participants
@ggbecker @vojtapolasek @Mab879