-
Notifications
You must be signed in to change notification settings - Fork 684
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update FIPS warning message to focus on vendor submitting modules for certification #4853
Conversation
added rhel8 to oval check of the rule installed_OS_is_FIPS_certified changed warning for rules from fips group
@vojtapolasek please add/update the banner for the following rules:
|
@vojtapolasek I apologize. on Friday, I might have miss guided you a bit. @redhatrises As he will be out for a while, I'll address the issues. |
oval_sshd_config is not suitable for sshd_use_approved_ciphers check. The check extends installed_OS_is_FIPS_certified. Reverts the check to state before 117db27. Note: Only this check is reverted.
@redhatrises FIPS regulatory warnings updated. I found an issue with check for |
@redhatrises What do you think of a macro for these FIPS regulatory warnings? Something like yuumasato@d36f907 I think you mentioned that checks for FIPS rules should be explicit, that they cannot be templated. Would this restriction apply to the rule text as well? |
Personally, not a fan of macros for duplicated word text as we are always going to have duplicated content, and there is such a thing as over-macro'ing something. However if you choose to macro, only macro the value and not the yaml key. |
In this case, it would make it very easy for content developer to update the warning message.
The macro in yuumasato@d36f907 is just adding a value for We have changed the FIPS warning so frequently that I though it would deserve a macro. But I also think that this warning needs to be as visible as possible. |
Good point. Although, now I don't see us changing to really at all. (I know.... famous last words.) |
LGTM |
Description:
added rhel8 to oval check of the rule installed_OS_is_FIPS_certified
changed warning for rules from fips group