Fix missing OVAL in some of RHEL 8 rules #4927
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
These rules have no OVAL in RHEL 8 benchmark. pam_cracklib rules should be RHEL 6 only because since RHEL 7 the pam_cracklib PAM module is replaced by pam_pwquality module.
This rule is used in OCP4, RHEL7, OL7, RHV4, WRLinux 10.19 and WRLinux 8 profiles. However, the OVAL was available only for RHEL 7 and WRLinux 8 which is not aligned with empty element in rule.yml. Since the rule makes sense on most of the operating systems, we can mark the OVAL as multi_platform_all. The rhel7.xml and wrlinux.xml were almost identical, except the platform element, so we can merge them in a single shared.xml.
This OVAL was marked as applicable only on RHEL 8, but the OVAL could be enabled for RHEL8 as well.
Rule mount_option_krb_sec_remote_filesystems specifies prodtype as wrlinux1019,rhel7,rhel8 but the OVAL was available only for RHEL 7. It seems that we can use this OVAL on RHEL 8 and WRLinux 10.19 as well.
|
LGTM. |
This pull request was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description:
Some of the rules in RHEL 8 becnhmark which aren't part of any RHEL 8 profile don't contain OVALs. This usually happens when OVAL hasn't been written yet. That's fine, but sometimes it's because of wrong prodtype elements or platform elements in OVAL or their mismatch. In this PR we don't add new OVALs but we try to address the second problem for some of the rules.
Read commit messages of each commit for specific details.
Rationale:
Users can add the rules to their profiles by tailoring, but if the rule is missing OVAL it has limited usability for them.