Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RHEL 8: align with CIS 3, section 2 #11457

Merged
merged 37 commits into from
Jan 24, 2024
Merged

RHEL 8: align with CIS 3, section 2 #11457

merged 37 commits into from
Jan 24, 2024

Conversation

vojtapolasek
Copy link
Collaborator

Description:

  • adjust the section 2 of the CIS policy file to be aligned with version 3.0.0
  • update rule references
  • update the PCI-DSS profile stability test because:
    • a rule was selected in PCI-DSS, but it was missing the prodtype for RHEL 8
    • the prodtype got added in this PR which is related to CIS
    • therefore, the rule got added into the PCI-DSS profile as well and the test has to be updated

Rationale:

  • effort to keep CIS profiles up-to-date

Review Hints:

  • download the CIS for RHEL 8 version 3
  • verify section 2 is aligned

@vojtapolasek vojtapolasek added Update Profile Issues or pull requests related to Profiles updates. RHEL8 Red Hat Enterprise Linux 8 product related. CIS CIS Benchmark related. labels Jan 18, 2024
@vojtapolasek vojtapolasek added this to the 0.1.72 milestone Jan 18, 2024
@vojtapolasek vojtapolasek requested a review from a team as a code owner January 18, 2024 13:57
@github-actions GitHub Actions
Copy link

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

@marcusburghardt marcusburghardt self-assigned this Jan 19, 2024
@openshift-merge-robot openshift-merge-robot added the needs-rebase Used by openshift-ci bot. label Jan 20, 2024
marcusburghardt
marcusburghardt requested changes Jan 22, 2024
View reviewed changes
Copy link
Member

@marcusburghardt marcusburghardt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the updates. There are only very few comments to be checked. And the conflicts should be relatively easy to be resolved after rebasing.

controls/cis_rhel8.yml Outdated Show resolved Hide resolved
controls/cis_rhel8.yml Show resolved Hide resolved
controls/cis_rhel8.yml Show resolved Hide resolved
controls/cis_rhel8.yml Show resolved Hide resolved
controls/cis_rhel8.yml Outdated Show resolved Hide resolved
@openshift-merge-robot openshift-merge-robot removed the needs-rebase Used by openshift-ci bot. label Jan 23, 2024
@vojtapolasek
Copy link
Collaborator Author

Hello @marcusburghardt and thank you for the review. I rebased and made requested changes.

@marcusburghardt
Copy link
Member

Hello @marcusburghardt and thank you for the review. I rebased and made requested changes.

Great @vojtapolasek . I had just one last comment about the last changes in 2.2.20.

marcusburghardt
marcusburghardt approved these changes Jan 23, 2024
View reviewed changes
Copy link
Member

@marcusburghardt marcusburghardt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work. Thanks @vojtapolasek . We only need to wait the CI tests.

@Mab879
Copy link
Member

Mab879 commented Jan 23, 2024

@vojtapolasek please rebase

@vojtapolasek
update control 2.2.11
c49f3c2
@vojtapolasek
update control 2.2.12
5105c27
@vojtapolasek
update control 2.2.13
b587262
@vojtapolasek
update control 2.2.14
5b627e4
@vojtapolasek
update control 2.2.15
7a6d950
@vojtapolasek
update control 2.2.16
37291d8
@vojtapolasek
update control 2.2.17
d812ef1
@vojtapolasek
update control 2.2.18
0005ef9
@vojtapolasek
update control 2.2.19
16e570f
@vojtapolasek
update control 2.2.20
957007d
@vojtapolasek
update control 2.2.21
29fd2d7
@vojtapolasek
update control 2.2.22
c2e7f07
@vojtapolasek
update control 2.3.1
23c4f7e
@vojtapolasek
update control 2.3.2
5b97893
@vojtapolasek
update control 2.3.3
52938a8
@vojtapolasek
update control 2.3.5
8dcabcd
@vojtapolasek
remove control 2.4
c383fa7
@vojtapolasek
remove CIS references in rules which were removed from the profile
a81204a
@vojtapolasek
modify profile stability test of RHEL 8 PCI-DSS
4622477 
this should not be in scope of this PR, but changing prodtype of the rule package_ftp_removed  made it inserted into the RHEL 8 PCI-DSS profile as well.
This change is made so that tests pass.
@vojtapolasek
change status of 2.2.1
c25538f 
in fact, due to autofs being a dependency, the control is automated with service_autofs_disabled
@vojtapolasek
include reference also in related rule for 2.2.2
59e00e6
@vojtapolasek
update refernce in related rule of 2.2.3
769bbe4
@vojtapolasek
update control 2.2.20 to set correct runlevel
a5a8c74
@vojtapolasek
remove cis reference from xwindows_remove_packages
f0aa2d5
@vojtapolasek
Copy link
Collaborator Author

Rebased.

marcusburghardt
marcusburghardt approved these changes Jan 24, 2024
View reviewed changes
Copy link
Member

@marcusburghardt marcusburghardt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the nice work @vojtapolasek .

@codeclimate CodeClimate
Copy link

codeclimate bot commented Jan 24, 2024

Code Climate has analyzed commit f0aa2d5 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 58.5% (0.0% change).

View more on Code Climate.

@marcusburghardt marcusburghardt merged commit 2931d4f into ComplianceAsCode:master Jan 24, 2024
41 of 43 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marcusburghardt marcusburghardt marcusburghardt approved these changes

Assignees

@marcusburghardt marcusburghardt

Labels
CIS CIS Benchmark related. RHEL8 Red Hat Enterprise Linux 8 product related. Update Profile Issues or pull requests related to Profiles updates.
Projects
None yet
Milestone
0.1.72
Development

Successfully merging this pull request may close these issues.
4 participants
@vojtapolasek @marcusburghardt @Mab879 @openshift-merge-robot