Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix OS Release Comparing: 8.10 #39

Open
wants to merge 17 commits into
base: main
Choose a base branch
from
Open

Fix OS Release Comparing: 8.10 #39

wants to merge 17 commits into from
+894 −71

Conversation

jrmetzger
Copy link
Contributor

Tested against 8.10. Regex for 8.1 and fails test. Should add End of Line for regex to differ 8.1 with 8.10

@jrmetzger
Update for 8.10
865dd14 
Tested against 8.10. Regex for 8.1 and fails test. Should add End of Line for regex to differ 8.1 with 8.10
@jrmetzger jrmetzger self-assigned this Jan 13, 2025
@jrmetzger jrmetzger changed the base branch from main to faillock_dir_dynamic January 13, 2025 20:42
@aaronlippold
Copy link
Member

Please update the patch version in the inspec.yml - as part of this PR as well

@aaronlippold
Copy link
Member

each time we do a merge to main we have to update the version here so that inspec knows to pull down the updated code

https://github.com/mitre/redhat-enterprise-linux-8-stig-baseline/blob/main/inspec.yml#L7C1-L7C16

@aaronlippold
Copy link
Member

The logic here is:

version: 1.14.1

STIG Version 1 Release 14 of the benchmark generally

and we have made .... 1,2,3 ... n patches and fixes to the test.

Then we can make a set of releases v1.14.x -> v1.14 -> v1 So folks can 'pin' as they need to and don't 'run off main' in real workflows.

https://mitre.github.io/saf-training/courses/profile-dev-test/02.html

@jrmetzger
Copy link
Contributor Author

The logic here is:

version: 1.14.1

STIG Version 1 Release 14 of the benchmark generally

and we have made .... 1,2,3 ... n patches and fixes to the test.

Then we can make a set of releases v1.14.x -> v1.14 -> v1 So folks can 'pin' as they need to and don't 'run off main' in real workflows.

https://mitre.github.io/saf-training/courses/profile-dev-test/02.html

Will note for https://github.com/mitre/redhat-enterprise-linux-8-stig-baseline/tree/faillock_dir_dynamic branch upstream from this

@jrmetzger
Update inspec.yml
50a0b95 
bump inspec version
@jrmetzger jrmetzger changed the base branch from faillock_dir_dynamic to main January 14, 2025 13:05
@jrmetzger jrmetzger mentioned this pull request Jan 17, 2025
Open
@jrmetzger jrmetzger requested a review from em-c-rod January 17, 2025 21:11
jrmetzger
jrmetzger commented Jan 17, 2025
View reviewed changes
controls/SV-230342.rb Outdated Show resolved Hide resolved
jrmetzger
jrmetzger commented Jan 17, 2025
View reviewed changes
controls/SV-230342.rb Outdated Show resolved Hide resolved
@jrmetzger jrmetzger linked an issue Jan 17, 2025 that may be closed by this pull request
Fix OS Release Comparing: 8.10 #43
Open
@jrmetzger jrmetzger changed the title Update for 8.10 Fix OS Release Comparing: 8.10 Jan 17, 2025
aaronlippold
aaronlippold reviewed Jan 17, 2025
View reviewed changes
controls/SV-230332.rb Outdated Show resolved Hide resolved
aaronlippold
aaronlippold requested changes Jan 17, 2025
View reviewed changes
inspec.yml Show resolved Hide resolved
@aaronlippold
Copy link
Member

I created a PR on the inspec side to fix this - inspec/inspec#7271

You may be able to just drop my udpated os resource into your profiles libraries directy to handle this as I took your approach and just moved it to the resource level vs the control level.

@aaronlippold
Copy link
Member

Fixed by: inspec/inspec#7279

@jrmetzger jrmetzger mentioned this pull request Jan 31, 2025
Closed
@jrmetzger
Copy link
Contributor Author

@aaronlippold what is the solution here?

@aaronlippold
Copy link
Member

I updated the OS resource to do version correctly and updated all controls in the profile that were only for 8.1 or 8.2.

I also put in a PR with inspec with it.

Let me know if this works for you.

@aaronlippold
Copy link
Member

@jrmetzger NOTE: pulling the os resource into the RHEL9 profile and making a similar update will be necessary until my PR with inspec - inspec/inspec#7294 is merged.

@jrmetzger
Copy link
Contributor Author

Tested against 8.10 (modify /etc/os-release), working as expected

Jon Metzger and others added 4 commits February 6, 2025 16:42
8.1/8.2 message update
f3120c1
8.4 message
fe64d48
@aaronlippold
fixed controls to use os.release in favor of os.version, extra suppor…
37a6ed4 
…t in OS should not be needed, likey a local issue

Signed-off-by: Aaron Lippold <[email protected]>
@aaronlippold
fixed controls to use os.release in favor of os.version, extra suppor…
dbe0da5 
…t in OS should not be needed, likey a local issue

Signed-off-by: Aaron Lippold <[email protected]>
@em-c-rod em-c-rod mentioned this pull request Feb 10, 2025
Open
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aaronlippold aaronlippold aaronlippold requested changes

@wdower wdower Awaiting requested review from wdower

@em-c-rod em-c-rod Awaiting requested review from em-c-rod

Assignees

@jrmetzger jrmetzger

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Fix OS Release Comparing: 8.10
2 participants
@jrmetzger @aaronlippold