Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix ssh-keysign path for UBTU-20-010141 #11082

Merged
merged 1 commit into from
Nov 21, 2023
Merged

fix ssh-keysign path for UBTU-20-010141 #11082

merged 1 commit into from
Nov 21, 2023

Conversation

dexterle
Copy link
Contributor

@dexterle dexterle commented Sep 8, 2023
edited
Loading

Description:

  • Fix UBTU-20-010141
  • Add proper template path

Rationale:

Review Hints:

Build the product:

./build_product ubuntu2004

To test these changes with Ansible:

ansible-playbook build/ansible/ubuntu2004-playbook-stig.yml --tags "DISA-STIG-UBTU-20-010141"

To test changes with bash, run the remediation section: xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_ssh_keysign

Checkout Manual STIG OVAL definitions, and use software like DISA STIG Viewer to view definitions.

git checkout dexterle:add-manual-stig-ubtu-20-v1r9

This STIG can be tested with the latest Ubuntu 2004 Benchmark SCAP. For reference, please review the latest artifacts: https://public.cyber.mil/stigs/downloads/

@openshift-ci openshift-ci bot added do-not-merge/work-in-progress Used by openshift-ci bot. needs-ok-to-test Used by openshift-ci bot. labels Sep 8, 2023
@openshift-ci
Copy link

openshift-ci bot commented Sep 8, 2023

Hi @dexterle. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@Mab879 Mab879 added Ubuntu Ubuntu product related. STIG STIG Benchmark related. labels Sep 8, 2023
@github-actions
Copy link

github-actions bot commented Sep 8, 2023

Start a new ephemeral environment with changes proposed in this pull request:

rhel8 (from CTF) Environment (using Fedora as testing environment)
Open in Gitpod

Fedora Testing Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

@dexterle dexterle marked this pull request as ready for review September 11, 2023 14:53
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Used by openshift-ci bot. label Sep 11, 2023
dodys
dodys requested changes Sep 13, 2023
View reviewed changes
Copy link
Contributor

@dodys dodys left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice catch!
but use if 'ubuntu' in product instead

@dodys dodys self-assigned this Sep 13, 2023
@dodys dodys added ok-to-test Used by openshift-ci bot. and removed needs-ok-to-test Used by openshift-ci bot. labels Sep 13, 2023
@dexterle
fix ssh-keysign path for UBTU-20-010141
4ae45df 
This commit will modify the ssh-keysign path for ubuntu2004 to target /usr/lib/openssh/ssh-keysign, which is the path defined in DISA STIG remediation
@dexterle
Copy link
Contributor Author

nice catch! but use if 'ubuntu' in product instead

Thanks for feedback, should be added in now

@dexterle dexterle requested a review from dodys September 13, 2023 17:02
@codeclimate
Copy link

codeclimate bot commented Sep 13, 2023

Code Climate has analyzed commit 4ae45df and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 53.8% (0.0% change).

View more on Code Climate.

dodys
dodys approved these changes Nov 21, 2023
View reviewed changes
Copy link
Contributor

@dodys dodys left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, thanks

@dodys
Copy link
Contributor

dodys commented Nov 21, 2023

/packit retest-failed

@dodys dodys merged commit 2fe7db3 into ComplianceAsCode:master Nov 21, 2023
31 of 35 checks passed
@dodys dodys mentioned this pull request Nov 21, 2023
Merged
@Mab879 Mab879 added this to the 0.1.71 milestone Nov 27, 2023
@Mab879 Mab879 added the Update Rule Issues or pull requests related to Rules updates. label Nov 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dodys dodys dodys approved these changes

Assignees

@dodys dodys

Labels
ok-to-test Used by openshift-ci bot. STIG STIG Benchmark related. Ubuntu Ubuntu product related. Update Rule Issues or pull requests related to Rules updates.
Projects
None yet
Milestone
0.1.71
Development

Successfully merging this pull request may close these issues.
3 participants
@dexterle @dodys @Mab879