New rule tftp_uses_secure_mode_systemd #12436
Conversation
|
Start a new ephemeral environment with changes proposed in this pull request: rhel10 (from CTF) Environment (using Fedora as testing environment) Fedora Testing Environment Oracle Linux 8 Environment |
Mab879
force-pushed
the
new_rule_tftp
branch
from
811fd30
to
bd60b59
Compare
|
This datastream diff is auto generated by the check Click here to see the full diffxccdf_org.ssgproject.content_rule_tftpd_uses_secure_mode is missing in new data stream. |
|
🤖 A k8s content image for this PR is available at: Click here to see how to deploy itIf you alread have Compliance Operator deployed: Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and: |
|
|
||
| warnings: | ||
| - general: |- | ||
| A remedation is not currently available due limits of the checking engine. |
There was a problem hiding this comment.
The checking engine isn't a reason of a missing remediation. You can have remediations that would be executed if they run separately, Ansible Playbook or a Bash remediation.
I suggest rewording this and explaining why there is no OVAL check.
| Use <tt>sudo systemctl edit tftp</tt> to adjust the <tt>ExecStart</tt> to | ||
| be <tt>/usr/sbin/in.tftpd -s {{{ xccdf_value("var_tftpd_secure_directory") }}}</tt> |
There was a problem hiding this comment.
This is rather a fix text not a check.
| @@ -0,0 +1,38 @@ | |||
| documentation_complete: true | |||
|
|
|||
| title: 'Ensure tftp Daemon Uses Secure Mode Using systemd' | |||
There was a problem hiding this comment.
The title is weird: uses ... using
Configure tftp systemd service to use secure mode
Add new rule tftp secure mode for systems that use systemd. The old rule tftp_uses_secure_mode uses xinetd which no longer used in new versions of RHEL. There is no remediation or checks since ExecStart cannot be obtained from dbus.
Mab879
force-pushed
the
new_rule_tftp
branch
from
bd60b59
to
dec10dd
Compare
Mab879
force-pushed
the
new_rule_tftp
branch
from
dec10dd
to
3374111
Compare
|
Code Climate has analyzed commit 3374111 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 59.5% (0.0% change). View more on Code Climate. |
Description:
Add new rule tftp secure mode for systems that use systemd. The old rule tftp_uses_secure_mode uses xinetd which no longer used in new versions of RHEL.
There is no remediation or checks since ExecStart
cannot be obtained from dbus.
Rationale:
Updates for RHEL 10