Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update notes in ANSSI R3 #11680

Merged
merged 1 commit into from
Mar 12, 2024
Merged

Update notes in ANSSI R3 #11680

merged 1 commit into from
Mar 12, 2024

Conversation

jan-cerny
Copy link
Collaborator

We have investigated various options of automating this requirement. For example checking the status by reading /dev/kmsg or /sys/firmware/efi/efivars/. We have discovered that these items can't be read using OVAL or its OpenSCAP implementation. Implementing new behaviors in OpenSCAP, likely followed by complex rules, would require too much effort and complexity to the benefit provided by automating this rule. So we have concluded to keep this control manual and we only update the notes section in the control.

@jan-cerny
Update notes in ANSSI R3
c7dc467 
We have investigated various options of automating this requirement.
For example checking the status by reading `/dev/kmsg` or
`/sys/firmware/efi/efivars/`. We have discovered that these items can't
be read using OVAL or its OpenSCAP implementation.  Implementing new
behaviors in OpenSCAP, likely followed by complex rules, would require
too much effort and complexity to the benefit provided by automating
this rule. So we have concluded to keep this control manual and we only
update the notes section in the control.
@jan-cerny jan-cerny added the ANSSI ANSSI Benchmark related. label Mar 12, 2024
@jan-cerny jan-cerny added this to the 0.1.73 milestone Mar 12, 2024
@github-actions GitHub Actions
Copy link

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

@github-actions GitHub Actions
Copy link

🤖 A k8s content image for this PR is available at:
ghcr.io/complianceascode/k8scontent:11680
This image was built from commit: c7dc467

Click here to see how to deploy it

If you alread have Compliance Operator deployed:
utils/build_ds_container.py -i ghcr.io/complianceascode/k8scontent:11680

Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and:
CONTENT_IMAGE=ghcr.io/complianceascode/k8scontent:11680 make deploy-local

@codeclimate CodeClimate
Copy link

codeclimate bot commented Mar 12, 2024

Code Climate has analyzed commit c7dc467 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 59.8% (0.0% change).

View more on Code Climate.

@jan-cerny
Copy link
Collaborator Author

/packit retest-failed

@Mab879 Mab879 self-assigned this Mar 12, 2024
@Mab879 Mab879 merged commit ee4e743 into ComplianceAsCode:master Mar 12, 2024
44 checks passed
@Mab879 Mab879 added the Update Profile Issues or pull requests related to Profiles updates. label May 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mab879 Mab879 Mab879 approved these changes

Assignees

@Mab879 Mab879

Labels
ANSSI ANSSI Benchmark related. Update Profile Issues or pull requests related to Profiles updates.
Projects
None yet
Milestone
0.1.73
Development

Successfully merging this pull request may close these issues.
2 participants
@jan-cerny @Mab879