Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set the requires to sshd_set_keepalive on sshd_set_idle_timeout #11815

Merged
merged 2 commits into from
Apr 17, 2024
Merged

Set the requires to sshd_set_keepalive on sshd_set_idle_timeout #11815

merged 2 commits into from
Apr 17, 2024

Conversation

Mab879
Copy link
Member

@Mab879 Mab879 commented Apr 12, 2024

Description:

Clean up the requires for sshd_set_keepalive.

Rationale:

Fixes #11803

@github-actions GitHub Actions
Copy link

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

@github-actions GitHub Actions
Copy link

github-actions bot commented Apr 12, 2024
edited
Loading

🤖 A k8s content image for this PR is available at:
ghcr.io/complianceascode/k8scontent:11815
This image was built from commit: 92bd690

Click here to see how to deploy it

If you alread have Compliance Operator deployed:
utils/build_ds_container.py -i ghcr.io/complianceascode/k8scontent:11815

Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and:
CONTENT_IMAGE=ghcr.io/complianceascode/k8scontent:11815 make deploy-local

@Mab879
Copy link
Member Author

Mab879 commented Apr 12, 2024

/packit rebuild-failed

@jan-cerny
Copy link
Collaborator

/packit build

@jan-cerny
Copy link
Collaborator

The rule sshd_set_idle_timeout has the platform os_linux[rhel]<=8.5, on RHEL 9 the session timeout should be set by the rule logind_session_timeout instead.

@Mab879
Removed the RHEL <8.5 restriction from sshd_set_idle_timeout
92bd690 
This is no longer true in the STIG. While it is true that
8.5+ changes the behavior there is value in this rule in
RHEL 8.5+.
@Mab879
Copy link
Member Author

Mab879 commented Apr 15, 2024

The rule sshd_set_idle_timeout has the platform os_linux[rhel]<=8.5, on RHEL 9 the session timeout should be set by the rule logind_session_timeout instead.

I just removed the restriction. The STIG doesn't have this and there still value in this rule for RHEL 8.5+.

@codeclimate CodeClimate
Copy link

codeclimate bot commented Apr 15, 2024

Code Climate has analyzed commit 92bd690 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 59.2% (0.0% change).

View more on Code Climate.

@marcusburghardt marcusburghardt added the Update Rule Issues or pull requests related to Rules updates. label Apr 16, 2024
@marcusburghardt marcusburghardt added this to the 0.1.73 milestone Apr 16, 2024
@marcusburghardt
Copy link
Member

/packit build

marcusburghardt
marcusburghardt approved these changes Apr 17, 2024
View reviewed changes
Copy link
Member

@marcusburghardt marcusburghardt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@marcusburghardt marcusburghardt self-assigned this Apr 17, 2024
@marcusburghardt marcusburghardt merged commit 8fd51a6 into ComplianceAsCode:master Apr 17, 2024
45 checks passed
@Mab879 Mab879 deleted the fix_11803 branch April 17, 2024 12:22
@vojtapolasek vojtapolasek mentioned this pull request Apr 18, 2024
Merged
yuumasato added a commit to yuumasato/scap-security-guide that referenced this pull request Jun 25, 2024
@yuumasato
OCPBUGS-33945: select required SSHD timeout rule
729a3eb 
The rule sshd_set_idle_timeout used to require rule sshd_set_keepalive_0
for Red Hat linuxes. But after ComplianceAsCode#11815 it started to require rules
sshd_set_keepalive.

This selects the rule that satifyes the requirement.
@yuumasato yuumasato mentioned this pull request Jun 25, 2024
Merged
yuumasato added a commit to yuumasato/scap-security-guide that referenced this pull request Jun 26, 2024
@yuumasato
OCPBUGS-33945: select required SSHD timeout rule
f386a43 
The rule sshd_set_idle_timeout used to require rule sshd_set_keepalive_0
for Red Hat linuxes. But after ComplianceAsCode#11815 it started to require rules
sshd_set_keepalive.

This selects the rule that satifyes the requirement.
yuumasato added a commit to yuumasato/scap-security-guide that referenced this pull request Jun 27, 2024
@yuumasato
OCPBUGS-33945: select required SSHD timeout rule
5d53fe2 
The rule sshd_set_idle_timeout used to require rule sshd_set_keepalive_0
for Red Hat linuxes. But after ComplianceAsCode#11815 it started to require rules
sshd_set_keepalive.

This selects the rule that satifyes the requirement.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marcusburghardt marcusburghardt marcusburghardt approved these changes

@vojtapolasek vojtapolasek Awaiting requested review from vojtapolasek

Assignees

@marcusburghardt marcusburghardt

Labels
Update Rule Issues or pull requests related to Rules updates.
Projects
None yet
Milestone
0.1.73
Development

Successfully merging this pull request may close these issues.

CCE-90811-1 is notselected by SSG, however for DISA STIG it fail
3 participants
@Mab879 @jan-cerny @marcusburghardt