-
Notifications
You must be signed in to change notification settings - Fork 698
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add initial RHEL 10 CIS profiles #12075
Add initial RHEL 10 CIS profiles #12075
Conversation
Since there is not yet a CIS Policy for RHEL10, this control file was based on RHEL9 and was created only for experimental purposes. Signed-off-by: Marcus Burghardt <maburgha@redhat.com>
There is not yet an official CIS policy for RHEL10. Therefore, these profiles were based on existing RHEL9 profiles and were created only for experimental purposes. Signed-off-by: Marcus Burghardt <maburgha@redhat.com>
Skipping CI for Draft Pull Request. |
🤖 A k8s content image for this PR is available at: Click here to see how to deploy itIf you alread have Compliance Operator deployed: Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and: |
- l1_workstation | ||
reference_type: cis | ||
product: rhel10 | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Have you checked if there are any rules that aren't applicable to RHEL 10 ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I used RHEL 9 as reference and actually discovered some rules incorrectly removed in RHEL 9 profiles. It will be addressed in another PR. Regarding RHEL 10, so far I didn't find anything that caught my attention but in any case this is an experimental profile. We will be more sure when the product and respective policy are released.
RHEL 9 and RHEL 10 instead of RHEL9 and RHEL10. Signed-off-by: Marcus Burghardt <maburgha@redhat.com>
There are conflicting requirements regarding journald and rsyslog. JournalD is the default preference for RHEL 9. Aligned the draft control file for RHEL 10 with CIS RHEL 9 v2.0.0. Signed-off-by: Marcus Burghardt <maburgha@redhat.com>
Code Climate has analyzed commit 56eac7c and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 59.4% (0.0% change). View more on Code Climate. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have built the RHEL 10 content and viewed the built HTML guides for CIS profiles.
The CI fail on Fedora Rawhide is a problem in dnf and isn't caused by the contents of this PR.
Description:
Add initial RHEL 10 CIS profiles.
Rationale:
Currently there is not a CIS Policy for RHEL 10. Therefore, these profiles are for experimental purposes only.
Review Hints:
The control file was based on the changes already related to CIS RHEL9 v2.0.0.
However, since the #12067 is not yet merged, some variables used in the control file are using
cis_rhel8
option because thecis_rhel9
option was introduced by #12067.This can be easily updated after, once the #12067 is merged.