
Inconsistencies regarding rule ids in when and tag fields (branch benchmark_v2.0.0) #258

Closed
bgro opened this issue Nov 29, 2024 · 2 comments

bgro commented Nov 29, 2024

Describe the Issue

A few tasks in branch benchmark_v2.0.0 have inconsistencies between the rule ids in the title, the tags and the when section.

- Inconsistency in "1.1.2.2.2 | PATCH | Ensure nodev option set on /dev/shm partition / 1.1.2.2.3 | PATCH | Ensure nosuid option set on /dev/shm partition / 1.1.2.2.4 | PATCH | Ensure noexec option set on /dev/shm partition" between rule id(s) in title, tags and when:
  title: ['1.1.2.2.2', '1.1.2.2.3', '1.1.2.2.4']
  tags: ('1.1.2.2.1', '1.1.2.2.2', '1.1.2.2.3')
  when: ('1.1.2.2.2', '1.1.2.2.3', '1.1.2.2.4')
- Inconsistency in "5.3.3.3.3 | AUDIT | Ensure pam_pwhistory includes use_authtok | Check existing files" between rule id(s) in title, tags and when:
  title: ['5.3.3.3.3']
  tags: ('5.3.3.3.2',)
  when: ('5.3.3.3.3',)
- Inconsistency in "7.2.4 | AUDIT | Ensure shadow group is empty | check users in group" between rule id(s) in title, tags and when:
  title: ['7.2.4']
  tags: ('6.2.4',)
  when: ('7.2.4',)

Also note that in /tasks/section_1/cis_1.1.2.7.x.yml three NIST tags ended up in the when section:

```yaml
when:
  - ubtu22cis_rule_1_1_2_7_2 or
    ubtu22cis_rule_1_1_2_7_3 or
    ubtu22cis_rule_1_1_2_7_4
  - NIST800-53R5_CM-7
  - NIST800-53R5_AC-3
  - NIST800-53R5_MP-2
```

Also, there is an erroneous when section in tasks/section_2/cis_2.1.x.yml that reads

```yaml
- not when system_is_ec2
```

Finally, in

```yaml
- name: "6.1.3 | Ensure cryptographic mechanisms are used to protect the integrity of audit tools"
```

the keyword `| PATCH` after the rule id is missing.

Expected Behavior

Rule-id-based variables in when statements and tags in tag fields should be consistent.

Actual Behavior
see above

Control(s) Affected
see above

Environment (please complete the following information):

  • branch being used: benchmark_v2.0.0
  • Ansible Version: n/a
  • Host Python Version: n/a
  • Ansible Server Python Version: n/a
  • Additional Details:
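As an added example (not part of this issue and not the project's own tooling), the following checker scans an Ansible task file for the three classes of problem reported above: rule ids that differ between the task title, the `rule_*` tags and the `when` variables; tag values that leaked into the `when` list; and titles without the `| PATCH |` / `| AUDIT |` keyword. It assumes the conventions visible in the report (titles starting with `<rule id> | PATCH|AUDIT |`, tags of the form `rule_<id with dots>`, `when` variables of the form `<prefix>_rule_<id with underscores>`) and a variable prefix of `ubtu22cis`, which is an assumption. It uses only the standard library and a line-based scan instead of a YAML parser, which is enough for the multi-line `when` items shown above but not for every YAML layout; the sample task file is constructed here to mirror the reported cases.

```python
"""Rule-id consistency checker for CIS-style Ansible task files (added example)."""
import re

VAR_PREFIX = "ubtu22cis"  # assumed variable prefix used in `when` conditions

TASK_START = re.compile(r"^-\s+name:\s*(.*)$")      # top-level task begins
KEY_LINE = re.compile(r"^\s+([\w.]+):\s*(.*)$")     # any "key: value" line
LIST_ITEM = re.compile(r"^\s+-\s+(.*)$")            # "- item" inside a list
RULE_ID = re.compile(r"\b\d+(?:\.\d+)+\b")           # e.g. 1.1.2.2.2 in a title
RULE_TAG = re.compile(r"^rule_(\d+(?:\.\d+)+)$")     # e.g. rule_1.1.2.2.2
RULE_VAR = re.compile(VAR_PREFIX + r"_rule_(\d+(?:_\d+)+)\b")  # ubtu22cis_rule_1_1_2_2_2
TITLE_FORMAT = re.compile(r"^\d+(?:\.\d+)+ \| (?:PATCH|AUDIT) \|")


def parse_tasks(text):
    """Split a task file into dicts with 'name', 'tags' and 'when' lists."""
    tasks, task, section = [], None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        m = TASK_START.match(line)
        if m:
            task = {"name": m.group(1), "tags": [], "when": []}
            tasks.append(task)
            section = "name"
            continue
        if task is None:
            continue
        m = KEY_LINE.match(line)
        if m:
            section = m.group(1)
            if section in ("tags", "when") and m.group(2):
                task[section].append(m.group(2))  # inline scalar form
            continue
        m = LIST_ITEM.match(line)
        if m:
            if section in ("tags", "when"):
                task[section].append(m.group(1))
            continue
        # Anything else continues a multi-line name or multi-line list item
        if section == "name":
            task["name"] += " " + line.strip()
        elif section in ("tags", "when") and task[section]:
            task[section][-1] += " " + line.strip()
    for t in tasks:
        t["name"] = t["name"].strip().strip("\"'")
    return tasks


def check_task(task):
    """Return (kind, detail) findings for one parsed task."""
    findings = []
    title_ids = sorted(set(RULE_ID.findall(task["name"])))
    tag_ids = sorted({m.group(1) for m in map(RULE_TAG.match, map(str.strip, task["tags"])) if m})
    when_ids = sorted({v.replace("_", ".") for v in RULE_VAR.findall(" ".join(task["when"]))})
    if not (title_ids == tag_ids == when_ids):
        findings.append(("rule_id_mismatch", f"title={title_ids} tags={tag_ids} when={when_ids}"))
    if not TITLE_FORMAT.match(task["name"]):
        findings.append(("title_format", "missing '| PATCH |' or '| AUDIT |' after the rule id"))
    leaked = [w for w in task["when"] if w.strip() in {t.strip() for t in task["tags"]}]
    if leaked:
        findings.append(("tag_in_when", f"tag values used as conditions: {leaked}"))
    return findings


def check_file(text):
    """Check every task; returns [(rule id from the title, kind, detail), ...]."""
    results = []
    for task in parse_tasks(text):
        label = task["name"].split("|")[0].strip()
        results.extend((label, kind, detail) for kind, detail in check_task(task))
    return results


# Constructed sample modelled on the reported cases (not the repository's real tasks)
SAMPLE = '''
- name: "7.2.4 | AUDIT | Ensure shadow group is empty | check users in group"
  ansible.builtin.shell: getent group shadow
  tags:
    - level1-server
    - rule_6.2.4
  when:
    - ubtu22cis_rule_7_2_4

- name: "1.1.2.7.2 | PATCH | Ensure nodev option set on /var/log/audit partition
    1.1.2.7.3 | PATCH | Ensure nosuid option set on /var/log/audit partition"
  ansible.builtin.shell: "true"
  tags:
    - rule_1.1.2.7.2
    - rule_1.1.2.7.3
    - NIST800-53R5_CM-7
  when:
    - ubtu22cis_rule_1_1_2_7_2 or
      ubtu22cis_rule_1_1_2_7_3
    - NIST800-53R5_CM-7

- name: "6.1.3 | Ensure cryptographic mechanisms are used to protect the integrity of audit tools"
  ansible.builtin.shell: "true"
  tags:
    - rule_6.1.3
  when:
    - ubtu22cis_rule_6_1_3

- name: "5.3.3.3.3 | AUDIT | Ensure pam_pwhistory includes use_authtok | Check existing files"
  ansible.builtin.shell: "true"
  tags:
    - rule_5.3.3.3.3
  when:
    - ubtu22cis_rule_5_3_3_3_3
'''

if __name__ == "__main__":
    for label, kind, detail in check_file(SAMPLE):
        print(f"{label}: {kind}: {detail}")
```

Run against the sample it reports the 7.2.4 tag mismatch, the NIST tag reused as a `when` condition in the 1.1.2.7.x task, and the missing keyword in 6.1.3, while the 5.3.3.3.3 task is clean; pointing `check_file` at the contents of a real tasks/section_*/ file gives the same three checks over the whole file.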
@bgro bgro added the bug Something isn't working label Nov 29, 2024
@bgro bgro changed the title Inconsistencies regarding rule ids in when and tag fields Inconsistencies regarding rule ids in when and tag fields (branch benchmark_v2.0.0) Nov 29, 2024
@uk-bolly uk-bolly self-assigned this Nov 29, 2024
uk-bolly added a commit that referenced this issue Nov 29, 2024
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
@uk-bolly (Member) commented:

hi @bgro

Thank you once again for your great observations, this really helps to pick up these little issues that occur. This has been pushed and the PR updated accordingly.

Many thanks once again

uk-bolly


bgro commented Dec 2, 2024

Very welcome :)

@bgro bgro closed this as completed Dec 2, 2024