Update SRG-OS-000114-GPOS-00059 for RHEL 9 STIG #8505
This datastream diff is auto generated by the check.
OCIL for rule 'xccdf_org.ssgproject.content_rule_service_autofs_disabled' differs:
--- old datastream
+++ new datastream
@@ -20,5 +20,5 @@
LoadState=masked
UnitFileState=masked
- Is it the case that ?
+ Is it the case that the autofs service is not disabled?
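Review bot: The question added on the `+` line asks whether the service "is not disabled", while the expected output in the context lines directly above it is `LoadState=masked` and `UnitFileState=masked`. Consider phrasing the question in the same terms as that expected output, for example "the autofs service is not masked", so an assessor comparing command output to the question does not have to decide whether masked counts as disabled. The removed line "Is it the case that ?" also shows the clause was rendering empty, so a build-time check that rejects an empty OCIL clause would catch this kind of omission in other rules.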
New datastream adds ansible remediation for rule 'xccdf_org.ssgproject.content_rule_usbguard_allow_hid'.
New datastream adds ansible remediation for rule 'xccdf_org.ssgproject.content_rule_usbguard_allow_hid_and_hub'.
New datastream adds ansible remediation for rule 'xccdf_org.ssgproject.content_rule_usbguard_allow_hub'.
Just a few comments. If you can provide a source for device IDs that would be helpful.
linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
...guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml
linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml
/retest
/retest
/retest
d2e7e18 to 0bb0184
I have rebased this pull request on the top of the current master branch and I have replaced fix by fixtext and resolved the conflict with moving the Jinja macro to a different file.
/retest
Just one minor change requested.
Thanks for the PR.
linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
/retest
@jan-cerny Can you take a look at the merge conflict?
ec869a1 to 7b882c4
/retest
Hi, it's now rebased again.
/retest
/retest
So those OpenShift CI errors are giving me some pause before I merged them. @rhmdnd or @Vincent056 I think these failures might be valid, can you please confirm?
3657e29 to 22db548
I have resolved the conflict and I have rebased on the top of the latest upstream branch.
/retest
Since #8564 has just merged, the test should pass once this PR is rebased.
It wasn't aligned with the bash remediations because it doesn't contain the step to add a lock to /etc/dconf/db/local.d/locks/00-security-settings-lock, whereas the bash remediation adds the lock. An exception is the rule gnome_gdm_disable_automatic_login. Therefore I changed the dconf_ini_file_fix macro so that it looks similar to the fix text in the dconf_gnome_disable_automount_open rule, used it in every dconf setting, and replaced its use in the fix in the rule gnome_gdm_disable_automatic_login with a different fix text.
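The gap described in the comment above, a dconf setting written without its lock entry, can be checked mechanically. The following is an added example, not code from this pull request or the project; the function names, the `00-security-settings` keyfile name and the sample keys `automount-open` and `autorun-never` under `org/gnome/desktop/media-handling` are assumptions, and the sample database is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example, not project code. The sample database below is constructed.

# check_dconf_locked DBDIR SECTION KEY VALUE
# returns 0: set and locked, 1: setting not found, 2: set but no lock entry
check_dconf_locked() {
    dbdir=$1 section=$2 key=$3 value=$4
    found=1
    for f in "$dbdir"/*; do
        [ -f "$f" ] || continue          # skips the locks/ subdirectory
        # Follow [section] headers; accept key=value only inside our section.
        if awk -v s="[$section]" -v kv="$key=$value" '
            /^\[.*\]$/ { in_s = ($0 == s); next }
            in_s { gsub(/[ \t]/, ""); if ($0 == kv) ok = 1 }
            END { exit !ok }' "$f"; then
            found=0
            break
        fi
    done
    [ "$found" -eq 0 ] || return 1
    # A lock is a line holding the full key path in a file under locks/.
    grep -qsxF "/$section/$key" "$dbdir"/locks/* && return 0
    return 2
}

# Constructed sample: two settings written, only one of them locked.
make_sample() {
    mkdir -p "$1/locks"
    printf '%s\n' '[org/gnome/desktop/media-handling]' \
        'automount-open=false' 'autorun-never=true' > "$1/00-security-settings"
    printf '%s\n' '/org/gnome/desktop/media-handling/automount-open' \
        > "$1/locks/00-security-settings-lock"
}

tmp=$(mktemp -d)
make_sample "$tmp"
for kv in automount-open=false autorun-never=true; do
    rc=0
    check_dconf_locked "$tmp" org/gnome/desktop/media-handling \
        "${kv%%=*}" "${kv#*=}" || rc=$?
    echo "$kv -> $rc"
done
rm -rf "$tmp"
```

A return code of 2 is the case the comment is about: the value is present in the keyfile but a user can still override it because no lock line names the key.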
22db548 to a90a794
I have rebased on the top of the latest upstream branch.
/retest
Waiving SSGTS, the tests pass locally.
Description:
adds fix texts, Ansible remediations, fixes OCIL
Rationale:
RHEL 9 STIG