enable sshd_distributed_config for ubuntu 2004 & 2204 #11305

Merged

@paulroche paulroche commented Nov 24, 2023

Description:

  • enable sshd_distributed_config for ubuntu 2004 & 2204

Rationale:

Review Hints:

from my local testing:

oscap-ssh --sudo ubuntu@test-host 22 xccdf eval --profile xccdf_org.ssgproject.content_profile_cis_level1_server --check-engine-results --rule xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords /scap-security-guide/ssg-ubuntu2204-sshd-ds.xml

Title   Disable SSH Access via Empty Passwords
Rule    xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords
Result  pass

without:

oscap-ssh --sudo ubuntu@test-host 22 xccdf eval --profile xccdf_org.ssgproject.content_profile_cis_level1_server --check-engine-results --rule xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords /scap-security-guide/ssg-ubuntu2204-ds.xml

Title   Disable SSH Access via Empty Passwords
Rule    xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords
Result  fail

@paulroche paulroche requested a review from a team as a code owner November 24, 2023 00:16
@openshift-ci openshift-ci bot added the needs-ok-to-test Used by openshift-ci bot. label Nov 24, 2023

openshift-ci bot commented Nov 24, 2023

Hi @paulroche. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@dodys dodys added ok-to-test Used by openshift-ci bot. and removed needs-ok-to-test Used by openshift-ci bot. labels Nov 24, 2023
@dodys dodys self-assigned this Nov 24, 2023
@dodys dodys added the Ubuntu Ubuntu product related. label Nov 24, 2023

dodys commented Nov 24, 2023

/packit retest-failed

dodys commented Nov 24, 2023

hey @paulroche thanks for your PR.
Would you like to include the same for Ubuntu 20.04 and if possible add multi_platform_ubuntu to missing tests in shared/templates/sshd_lineinfile/tests/ ?

paulroche commented

@dodys added Ubuntu 2004 and updated the platform string in sshd_lineinfile/tests. It appears the testing-farm tests are failing with:

:: [ 19:02:53 ] :: [ FAIL ] :: Command 'yum remove -y ansible' (Expected 0, got 1)

I'm not sure how my changes to Ubuntu could be impacting CentOS's ability to remove ansible.

@paulroche paulroche changed the title enable sshd_distributed_config for ubuntu2204 enable sshd_distributed_config for ubuntu 2004 & 2204 Nov 24, 2023

dodys commented Nov 28, 2023

/packit retest-failed

codeclimate bot commented Nov 28, 2023

Code Climate has analyzed commit 7ba5686 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 58.5%.

View more on Code Climate.

dodys commented Nov 28, 2023

@marcusburghardt are the packit tests currently broken?

@vojtapolasek vojtapolasek added this to the 0.1.72 milestone Nov 29, 2023

marcusburghardt commented

> @marcusburghardt are the packit tests currently broken?

Yes, we are investigating this. Hopefully we can solve it soon. If the PR is ready to be merged and we are sure no issue could be obfuscated by these broken tests, we can waive them in the meantime.

@dodys dodys left a comment

lgtm, thanks!

dodys commented Dec 6, 2023

/packit retest-failed

@dodys dodys merged commit d1df84c into ComplianceAsCode:master Dec 6, 2023
38 checks passed
@vojtapolasek vojtapolasek added the Update Rule Issues or pull requests related to Rules updates. label Feb 9, 2024