Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add remediations for rule network_sniffer_disabled #10659

Merged
merged 1 commit into from
Jun 1, 2023
Merged

Add remediations for rule network_sniffer_disabled #10659

merged 1 commit into from
Jun 1, 2023

Conversation

freddieRv
Copy link
Contributor

Description:

  • Add ansible and bash remediations for rule network_sniffer_disabled

Rationale:

  • This rule had no remediation content while it is rather easy to remediate

Review Hints:

  • While the current ansible playbook works, I think there might be a better way to get the interfaces names instead of parsing through the output of ip link show. I'm open to suggestions on how to improve this remediation.

@github-actions
Copy link

Start a new ephemeral environment with changes proposed in this pull request:

rhel8 (from CTF) Environment (using Fedora as testing environment)
Open in Gitpod

Fedora Testing Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

@github-actions
Copy link

This datastream diff is auto generated by the check Compare DS/Generate Diff

Click here to see the full diff 
New datastream adds bash remediation for rule 'xccdf_org.ssgproject.content_rule_network_sniffer_disabled'.%0ANew datastream adds ansible remediation for rule 'xccdf_org.ssgproject.content_rule_network_sniffer_disabled'.

@Mab879 Mab879 self-assigned this May 31, 2023
@Mab879 Mab879 added this to the 0.1.69 milestone May 31, 2023
@Mab879 Mab879 added Ansible Ansible remediation update. Bash Bash remediation update. labels May 31, 2023
Mab879
Mab879 requested changes May 31, 2023
View reviewed changes
Copy link
Member

@Mab879 Mab879 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have proposed a few changed to be in line with the style guide.

linux_os/guide/system/network/network_sniffer_disabled/ansible/shared.yml Outdated Show resolved Hide resolved
linux_os/guide/system/network/network_sniffer_disabled/ansible/shared.yml Outdated Show resolved Hide resolved
linux_os/guide/system/network/network_sniffer_disabled/ansible/shared.yml Outdated Show resolved Hide resolved
linux_os/guide/system/network/network_sniffer_disabled/ansible/shared.yml Outdated Show resolved Hide resolved
linux_os/guide/system/network/network_sniffer_disabled/ansible/shared.yml Outdated Show resolved Hide resolved
@Mab879
Copy link
Member

Mab879 commented May 31, 2023

Automatus failures are expected due the nature of the rule.

@freddieRv
Add remediations for rule network_sniffer_disabled
676d8d1 
This includes bash and ansible remediations

Signed-off-by: Federico Ramirez <federico.r.ramirez@oracle.com>
@freddieRv freddieRv force-pushed the network_sniffer_disabled-remediations branch from e7c7cd0 to 676d8d1 Compare May 31, 2023 21:34
@codeclimate
Copy link

codeclimate bot commented May 31, 2023

Code Climate has analyzed commit 676d8d1 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 52.8% (0.0% change).

View more on Code Climate.

@Mab879 Mab879 merged commit 6e17a23 into ComplianceAsCode:master Jun 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mab879 Mab879 Mab879 approved these changes

Assignees

@Mab879 Mab879

Labels
Ansible Ansible remediation update. Bash Bash remediation update.
Projects
None yet
Milestone
0.1.69
Development

Successfully merging this pull request may close these issues.
2 participants
@freddieRv @Mab879