- Add RHCOS4 BSI profiles
- Add STIG V2R3 profiles
For the SLE16 platform, those files reside in a location different from the default, and this might be the case for other future platforms
….2 Docker digest to da66f14 Signed-off-by: red-hat-konflux-kflux-prd-rh02 <190377777+red-hat-konflux-kflux-prd-rh02[bot]@users.noreply.github.com>
No need for jinja condition if we use platform condition
- Fixed NetworkManager package issue for ubuntu2204 and ubuntu2404.
- ubuntu didn't need Network manager so this created a custom wireless_disable_interfaces for ubuntu for ansible, similar to how it was done in bash.
- Resolved issue where using the same register variable outside and inside the block was causing failures.
- Add rule_title to all tasks for wireless_disable_interfaces ansible.
Signed-off-by: Shane Dell <shanedell100@gmail.com>
Signed-off-by: Armando Acosta <armando.acosta@oracle.com>
Signed-off-by: Edgar Aguilar <edgar.aguilar@oracle.com>
Signed-off-by: Armando Acosta <armando.acosta@oracle.com>
Add runtime SSHD config checking for OpenShift compliance operator
The compliance operator fetches runtime SSHD config from the cluster and feeds it to the scanner before scans. Adds `sshd_runtime_check` option (default: false, true for RHCOS4), updates OVAL macros, and sets default
Enhance the SSHD runtime configuration checking by updating the path for the compliance operator's runtime effective config file to a temp file. Modify the OVAL macros to conditionally adjust the criteria operator based on the runtime check status, ensuring accurate compliance checks.
…ck_deny_root rule
… template Enable sle16 support for the template
…nd common-account for sle
Thanks to @Mab879 for noting 🙇
This is a new parameter, that defaults to false. Update the test data so that it's included in product stability.
Replaced pkg_resources with a custom RequirementParser. It implements just enough of pkg_resources.Requirement to work for our project. Fixes: ComplianceAsCode#13902
Add firewalld-backend to RHEL 10 CIS profile
…dabot/github_actions/softprops/action-gh-release-2.5.0 Bump softprops/action-gh-release from 2.4.2 to 2.5.0
…ux/mintmaker/master/compliance-trestle-3.x Update dependency compliance-trestle to v3.10.4
…noshelllogin Fix conditional in no_shelllogin_for_systemaccounts remediation
…s_pam_no_remember CIS: implement controls so that "remember" is not used together with pam_unix
The partial match of the expected and declared platform full name leads to issues when using shared templates for:
- platform_ipv6_state
- platform_mount
CPE OVAL checks; as well, the inconsistency confuses the ssg/utils.py product_to_name method
…ck-sshd CMP-3916: Add runtime SSHD config checking for OpenShift
ccbbfcb to
8d50245
Update RHEL8 STIG to V2R5
…/sle16_fix_fullname Fix sle16 full platform name
…/sle16_fix_cces Sle16 fix CCEs
Remove trailing flash for Fedora gating
Also added restrictions to token permissions as suggested by github.
Use env in the shebang for python scripts. Use fixed hash for github actions to prevent supply chain attacks. Remove dead code. Add pcre2 to the requirements.txt file.
There's no need to manage issues from the ATEX PR point of view.
0c53819 to
8b45e57
Description:
Rationale:
Rationale here. Replace this text. Don't use the italics format!
Fixes # Issue number here (e.g. Shellcheck #26) or remove this line if no issue exists.
Review Hints:
Review hints here. Replace this text. Don't use the italics format!
Use this optional section to give any relevant information which could help the reviewer to more quickly and assertively understand and test the changes.
Good examples are useful commands, if it is better to review all commits together or in a suggested sequence, any relevant discussion in other PRs or issues, etc.