Add new rules for ANSSI BP28 R22 #6483
To check the sysctl value net.ipv4.ip_local_port_range, we need to modify the template. This value consists of two integers. The OpenSCAP probe and also the sysctl command return these 2 integers separated by a tab. OVAL doesn't have a tuple data type, so we represent the value as a string. The string contains the 2 values separated by a space. But to match the sysctl item, we should rather use a regular expression. We still need the space-separated version for the remediation, though. Therefore we can extend the template to allow specifying a pattern match operation and to allow a regular expression value.
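The mismatch described in the comment above, shown as an added example that is not part of the pull request or the project's template code: a string-equality check against the space-separated value fails on the tab-separated value the system reports, while an anchored pattern derived from the same value matches. The function names and the sample range `32768 65535` are assumptions constructed for illustration.

```python
import re


def value_to_pattern(space_separated: str) -> str:
    """Derive an anchored regex from the space-separated value kept for remediation.

    Hypothetical helper: each integer is matched literally and any run of
    whitespace (a space or the kernel's tab) is accepted between them.
    """
    fields = space_separated.split()
    if not fields or not all(f.isdigit() for f in fields):
        raise ValueError("expected whitespace-separated integers: %r" % space_separated)
    return "^" + r"\s+".join(re.escape(f) for f in fields) + "$"


def check_equals(reported: str, expected: str) -> bool:
    """String equality, the comparison that breaks on the tab separator."""
    return reported == expected


def check_pattern(reported: str, expected: str) -> bool:
    """Unanchored regex search; the ^ and $ in the pattern make it strict."""
    return re.search(value_to_pattern(expected), reported) is not None


if __name__ == "__main__":
    expected = "32768 65535"  # constructed sample, space-separated form
    samples = [               # constructed reported values
        "32768\t65535",       # tab-separated, as the probe and sysctl return it
        "32768 65535",        # space-separated
        "132768\t65535",      # different lower bound, must not match
        "32768\t655350",      # different upper bound, must not match
    ]
    print("pattern:", value_to_pattern(expected))
    for s in samples:
        print(repr(s), "equals:", check_equals(s, expected),
              "pattern:", check_pattern(s, expected))
```
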
@openscap-ci test this please
These rules are added by ComplianceAsCode#6483
LGTM, just a few typos.
...rk/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_router_solicitations_value.var
...network_host_and_router_parameters/sysctl_net_ipv4_ip_local_port_range/tests/comment.fail.sh
Hello @jan-cerny! Thanks for updating this PR. We checked the lines you've touched for PEP 8 issues, and found: There are currently no PEP 8 issues detected in this Pull Request. Cheers! 🍻 Comment last updated at 2020-12-17 08:56:12 UTC
@jan-cerny: The following test failed, say
@openscap-ci test this please
Issues with |
These rules check network-related sysctl settings. The R22 requires multiple settings; for some of them we already have rules in our project, but for others we have to create new rules.
The PR also extends the sysctl template with new parameters, which were needed for rule sysctl_net_ipv4_ip_local_port_range, so for this rule it also adds test scenarios.