Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update accounts_tmout #6839

Merged
merged 4 commits into from
Apr 20, 2021
Merged

update accounts_tmout #6839

merged 4 commits into from
Apr 20, 2021

Conversation

vojtapolasek
Copy link
Collaborator

@vojtapolasek vojtapolasek commented Apr 14, 2021
edited
Loading

Description:

  • rename existing tests to clearly distinguish that they test for /etc/profile
  • add another bunch of tests which test the case of a file within /etc/profile.d directory
  • update remediations to remediate through /etc/profile.d/tmout.sh
  • update description and ocil to mention both /etc/profile and also /etc/profile.d/tmout.sh

Rationale:

Until now the rule was focused mainly on /etc/profile. However, editing /etc/profile directly is not a good practice anymore. We should rather modify some file within /etc/profile.d/ directory.
This PR also extends tests to cover all capabilities of check and remediations. Before we were testing only for correct check / remediation of /etc/profile, although /etc/profile.d/*.sh was covered too.
This PR addresses main concerns of #6746 . I am hesitant to remove references to /etc/profile entirely.

@vojtapolasek vojtapolasek added this to the 0.1.56 milestone Apr 14, 2021
@vojtapolasek vojtapolasek marked this pull request as draft April 15, 2021 07:52
@openshift-ci-robot openshift-ci-robot added the do-not-merge/work-in-progress Used by openshift-ci bot. label Apr 15, 2021
@vojtapolasek vojtapolasek changed the title update tests for accounts_tmout update accounts_tmout Apr 15, 2021
@vojtapolasek vojtapolasek marked this pull request as ready for review April 15, 2021 13:50
@openshift-ci-robot openshift-ci-robot removed the do-not-merge/work-in-progress Used by openshift-ci bot. label Apr 15, 2021
@openscap-ci
Copy link
Collaborator

Changes identified:
Rules:
 accounts_tmout

Show details

Rule accounts_tmout:
 Found change in bash remediation.
 Template usage changed in ansible remediation.

Recommended tests to execute:
 build_product rhel8
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-rhel8-ds.xml accounts_tmout
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-rhel8-ds.xml accounts_tmout

@vojtapolasek
Copy link
Collaborator Author

/retest

@jan-cerny
Copy link
Collaborator

Looks good to me

[jcerny@localhost scap-security-guide{pr/6839}]$ python3 tests/test_suite.py rule --libvirt qemu:///system ssgts_rhel8 accounts_tmout
Setting console output to log level INFO
INFO - The base image option has not been specified, choosing libvirt-based test environment.
INFO - Logging into /home/jcerny/work/git/scap-security-guide/logs/rule-custom-2021-04-20-1226/test_suite.log
INFO - xccdf_org.ssgproject.content_rule_accounts_tmout
INFO - Script multiline.pass.sh using profile (all) OK
INFO - Script comment_profile.fail.sh using profile (all) OK
INFO - Script comment_profile_d.fail.sh using profile (all) OK
INFO - Script correct_value_profile.pass.sh using profile (all) OK
INFO - Script correct_value_profile_d.pass.sh using profile (all) OK
INFO - Script line_not_there.fail.sh using profile (all) OK
INFO - Script multiline_profile.fail.sh using profile (all) OK
INFO - Script multiline_profile_d.fail.sh using profile (all) OK
INFO - Script multiline_profile_d.pass.sh using profile (all) OK
INFO - Script supercompliance_profile.pass.sh using profile (all) OK
INFO - Script supercompliance_profile_d.pass.sh using profile (all) OK
INFO - Script wrong_value_profile.fail.sh using profile (all) OK
INFO - Script wrong_value_profile_d.fail.sh using profile (all) OK

@jan-cerny jan-cerny merged commit 03934dd into ComplianceAsCode:master Apr 20, 2021
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.1.56
Development

Successfully merging this pull request may close these issues.
4 participants
@vojtapolasek @openscap-ci @jan-cerny @openshift-ci-robot