Add rules to remove setroubleshoot server and plugin packages #6969

Merged


yuumasato
Member

Description:

  • Added rules to remove setroubleshoot-plugins and server.

Rationale:

  • Helps satisfy ANSSI-BP-028 R68

@yuumasato yuumasato added this to the 0.1.56 milestone May 7, 2021
@JAORMX
Contributor

JAORMX commented May 7, 2021

@yuumasato is this only used in the ANSSI profiles? Was wondering if this would be a relevant check to add to RHCOS. While setroubleshoot is not packaged nor enabled, at least we could verify that someone hasn't done an unsupported override.

@yuumasato
Member Author

@yuumasato is this only used in the ANSSI profiles?

At the moment, and as far as I know, yes.

Was wondering if this would be a relevant check to add to RHCOS. While setroubleshoot is not packaged nor enabled, at least we could verify that someone hasn't done an unsupported override.

I see, I'll add them to RHCOS too.

@yuumasato yuumasato force-pushed the uninstall_selinuxtroubleshoot branch from 9458a21 to 4f8e708 Compare May 7, 2021 08:37
@vojtapolasek
Collaborator

Hello, thank you for the rules. Two comments:

  1. Both rules are missing ocils.
  2. Do you plan to add rules to the high profile later?

@vojtapolasek vojtapolasek self-assigned this May 10, 2021
Added rules to remove setroubleshoot-plugins and server.
@yuumasato yuumasato force-pushed the uninstall_selinuxtroubleshoot branch from 4f8e708 to 0c9c768 Compare May 10, 2021 12:45
@yuumasato
Member Author

@vojtapolasek Thanks for the review, I added the OCIL clauses using macro.

I intended to add the rules later, but I see no harm in doing it now.

@vojtapolasek
Collaborator

lgtm, thank you

@vojtapolasek vojtapolasek merged commit db443db into ComplianceAsCode:master May 11, 2021
@yuumasato yuumasato deleted the uninstall_selinuxtroubleshoot branch May 11, 2021 08:41
This pull request was closed.