Update netrc requirement in CIS for RHEL8 #10511

Merged (2 commits) on May 2, 2023

marcusburghardt
Member

Description:

Included accounts_users_netrc_file_permissions rule in the CIS controlfile for RHEL8.

Rationale:

Better CIS coverage for RHEL8.

Included the accounts_users_netrc_file_permissions rule in the CIS
controlfile for RHEL8.
@marcusburghardt marcusburghardt added RHEL8 Red Hat Enterprise Linux 8 product related. CIS CIS Benchmark related. labels Apr 28, 2023
@marcusburghardt marcusburghardt added this to the 0.1.68 milestone Apr 28, 2023
@marcusburghardt marcusburghardt requested a review from a team as a code owner April 28, 2023 07:28
@Mab879 Mab879 self-assigned this Apr 28, 2023
@Mab879 Mab879 added the Update Profile Issues or pull requests related to Profiles updates. label Apr 28, 2023
Mab879
Mab879 previously approved these changes Apr 28, 2023
@Mab879
Member

Mab879 commented Apr 28, 2023

/packit build

@Mab879 Mab879 dismissed their stale review April 28, 2023 14:10

Based on testing farm tests.

@Mab879
Member

Mab879 commented Apr 28, 2023

:: [ 13:57:08 ] :: [   FAIL   ] :: Rules not passing after remediation:

xccdf_org.ssgproject.content_rule_accounts_users_netrc_file_permissions - fail 

The testing farm failure for RHEL 9 doesn't appear to be a false positive.

@marcusburghardt what do you think?

The rule checks for a .netrc file in the home directory of interactive users.
If there is no interactive user or the interactive users don't have a home
directory, the rule should pass because there is no noncompliant .netrc
file.
@marcusburghardt
Member Author

> :: [ 13:57:08 ] :: [   FAIL   ] :: Rules not passing after remediation:
>
> xccdf_org.ssgproject.content_rule_accounts_users_netrc_file_permissions - fail
>
> The testing farm failure for RHEL 9 doesn't appear to be a false positive.
>
> @marcusburghardt what do you think?

It was legit. I just updated the rule to handle cases where there is no interactive user on the system.
Test scenarios for these cases have also been included.
Commit e304bc5
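
The pass condition discussed above (no interactive user, or no home directory, means there is no .netrc file to evaluate), as an added example that is not part of this thread or of the project's own check or tests. It assumes interactive users are passwd entries with UID >= 1000 other than `nobody`, and that a compliant .netrc grants no group or other permissions; the function names, the `root` prefix parameter and the sample passwd data are hypothetical.

```python
import os
import stat
import tempfile

UID_MIN = 1000       # assumption: lowest UID treated as an interactive user
NOBODY_UID = 65534   # assumption: overflow account is never interactive

# Constructed passwd samples (not taken from the PR or its test scenarios).
SYSTEM_ONLY = ("root:x:0:0:root:/root:/bin/bash\n"
               "nobody:x:65534:65534:nobody:/:/sbin/nologin\n")
WITH_USER = SYSTEM_ONLY + "alice:x:1000:1000::/home/alice:/bin/bash\n"


def interactive_homes(passwd_text):
    """Yield (user, home) for each passwd entry treated as interactive."""
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip malformed entries
        uid, home = int(fields[2]), fields[5]
        if uid >= UID_MIN and uid != NOBODY_UID and home:
            yield fields[0], home


def audit_netrc(passwd_text, root="/"):
    """Return (verdict, findings) for .netrc files under interactive homes."""
    findings = []
    for user, home in interactive_homes(passwd_text):
        path = os.path.join(root, home.lstrip("/"), ".netrc")
        try:
            mode = stat.S_IMODE(os.stat(path).st_mode)
        except (FileNotFoundError, NotADirectoryError):
            continue  # no home directory or no .netrc: nothing to evaluate
        if mode & (stat.S_IRWXG | stat.S_IRWXO):  # any group/other access
            findings.append((user, path, oct(mode)))
    # An empty set of candidate files is compliant, not an error.
    return ("fail" if findings else "pass"), findings


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        print(audit_netrc(SYSTEM_ONLY, root))  # no interactive users
        home = os.path.join(root, "home/alice")
        os.makedirs(home)
        netrc = os.path.join(home, ".netrc")
        open(netrc, "w").close()
        os.chmod(netrc, 0o644)
        print(audit_netrc(WITH_USER, root))  # world-readable .netrc
```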

@codeclimate

codeclimate bot commented May 2, 2023

Code Climate has analyzed commit e304bc5 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 52.4% (0.0% change).


@marcusburghardt
Member Author

Automatus CS9 is failing because this rule is restricted to rhel8 in its prodtype definition.

Member

@Mab879 Mab879 left a comment

Thanks for the test fix!

@Mab879
Member

Mab879 commented May 2, 2023

I agree with waiving the Automatus for CS9.

@Mab879 Mab879 merged commit 5a228b6 into ComplianceAsCode:master May 2, 2023
@marcusburghardt marcusburghardt deleted the cis_rhel8_netrc branch May 2, 2023 12:52