Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Extend and improve rules for Ubuntu 24.04 6.1.4.1 #13081

Merged
merged 16 commits into from
Feb 21, 2025
Merged

Extend and improve rules for Ubuntu 24.04 6.1.4.1 #13081

merged 16 commits into from
Feb 21, 2025

Conversation

mpurg
Copy link
Contributor

@mpurg mpurg commented Feb 19, 2025
edited
Loading

Description:

Extends PR #13062 with fixes suggested in review
Change summary:

  • groupowner_local_var_log: rename to file_groupownerships_var_log, search recursively and only files, ignore also files in /var/log/sssd/* and /var/log/(gdm|gdm3)/*
  • owner_local_var_log: rename to file_ownerships_var_log, search recursively and only files, ignore also files in /var/log/sssd/* and /var/log/(gdm|gdm3)/*
  • permissions_var_log: search recursively and fix exclusions
  • file_{group,}owner_var_log_{sssd,gdm,gdm3,apt}: rename to file_{group,}ownership_var_log_{sssd,gdm,gdm3,apt} and change the logic to check files inside these folders recursively
  • fix metadata and invert jinja conditionals
  • update rules in default profile

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Used by openshift-ci bot. label Feb 19, 2025
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Feb 19, 2025

Hi @mpurg. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-ci openshift-ci bot added the needs-ok-to-test Used by openshift-ci bot. label Feb 19, 2025
@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 19, 2025
edited
Loading

This datastream diff is auto generated by the check Compare DS/Generate Diff

Click here to see the full diff 
New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_var_log_messages'.
--- xccdf_org.ssgproject.content_rule_file_groupowner_var_log_messages
+++ xccdf_org.ssgproject.content_rule_file_groupowner_var_log_messages
@@ -3,7 +3,7 @@
 Verify Group Who Owns /var/log/messages File
 
 [description]:
-To properly set the group owner of /var/log/messages, run the command: $ sudo chgrp adm /var/log/messages
+To properly set the group owner of /var/log/messages, run the command: $ sudo chgrp root /var/log/messages
 
 [reference]:
 CCI-001314

@dodys dodys self-assigned this Feb 19, 2025
@dodys dodys added this to the 0.1.77 milestone Feb 19, 2025
@mpurg mpurg force-pushed the ubuntu2404_cis_6.1.4.1-3 branch from 66b5c0c to 275a3bd Compare February 20, 2025 06:06
@dodys dodys mentioned this pull request Feb 20, 2025
Merged
@mpurg mpurg force-pushed the ubuntu2404_cis_6.1.4.1-3 branch from 275a3bd to 1ac62fa Compare February 20, 2025 13:17
@mpurg mpurg force-pushed the ubuntu2404_cis_6.1.4.1-3 branch from 1ac62fa to df94bb5 Compare February 20, 2025 13:22
@mpurg mpurg force-pushed the ubuntu2404_cis_6.1.4.1-3 branch from dd80efb to 4a933eb Compare February 21, 2025 13:54
@mpurg mpurg marked this pull request as ready for review February 21, 2025 14:06
@mpurg mpurg requested a review from a team as a code owner February 21, 2025 14:06
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Used by openshift-ci bot. label Feb 21, 2025
@mpurg mpurg force-pushed the ubuntu2404_cis_6.1.4.1-3 branch from 4a933eb to 1a4bb83 Compare February 21, 2025 14:28
@mpurg mpurg force-pushed the ubuntu2404_cis_6.1.4.1-3 branch from 1a4bb83 to 1b8d60b Compare February 21, 2025 14:44
@codeclimate CodeClimate
Copy link

codeclimate bot commented Feb 21, 2025

Code Climate has analyzed commit 1b8d60b and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 62.0% (0.0% change).

View more on Code Climate.

dodys
dodys approved these changes Feb 21, 2025
View reviewed changes
Copy link
Contributor

@dodys dodys left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, thanks!

@dodys dodys merged commit e9f26b6 into ComplianceAsCode:master Feb 21, 2025
100 of 102 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dodys dodys dodys approved these changes

Assignees

@dodys dodys

Labels
needs-ok-to-test Used by openshift-ci bot.
Projects
None yet
Milestone
0.1.77
Development

Successfully merging this pull request may close these issues.
2 participants
@mpurg @dodys