Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stabilization: Update the sshd_set_keepalive regarding ClientAliveCountMax #9868

Merged
merged 4 commits into from
Nov 28, 2022
Merged

Stabilization: Update the sshd_set_keepalive regarding ClientAliveCountMax #9868

merged 4 commits into from
Nov 28, 2022

Conversation

marcusburghardt
Copy link
Member

@marcusburghardt marcusburghardt commented Nov 23, 2022
edited
Loading

Description:

As described in the sshd_set_keepalive rule description, newer versions of openssh changed the behavior of ClientAliveCountMax. In newer versions, setting the value to 0 disables the timeout, which is not expected in this rule.

Rationale:

Review Hints:

Better to review commit by commit. They are ordered and includes detailed messages.

@marcusburghardt
Refactor OVAL for sshd_set_keepalive
271b295 
It was changed state operation from "less than or equal" to "equals"
since 0 is actually used to disable the timeout and consequently not
valid to achieve the rule requirement. Other changes were made in the
file to make it more readable and aligned to the style guides.
@marcusburghardt
Replace fixed value by the proper variable value
1980738
@marcusburghardt marcusburghardt added bugfix Fixes to reported bugs. Update Rule Issues or pull requests related to Rules updates. labels Nov 23, 2022
@marcusburghardt marcusburghardt added this to the 0.1.65 milestone Nov 23, 2022
@marcusburghardt marcusburghardt requested a review from a team as a code owner November 23, 2022 17:10
@github-actions
Copy link

Start a new ephemeral environment with changes proposed in this pull request:

rhel8 (from CTF) Environment (using Fedora as testing environment)
Open in Gitpod

Fedora Testing Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

@github-actions
Copy link

github-actions bot commented Nov 23, 2022
edited
Loading

This datastream diff is auto generated by the check Compare DS/Generate Diff.
Due to the excessive size of the diff, it has been trimmed to fit the 65535-character limit.

Click here to see the trimmed diff 
bash remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_etc_group_open' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_etc_group_open
+++ xccdf_org.ssgproject.content_rule_audit_rules_etc_group_open
@@ -1,5 +1,5 @@
 # Remediation is applicable only in certain platforms
-if rpm --quiet -q audit && [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
+if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
 # Retrieve hardware architecture of the underlying system

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_etc_group_open' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_etc_group_open
+++ xccdf_org.ssgproject.content_rule_audit_rules_etc_group_open
@@ -19,8 +19,8 @@
 set_fact:
 audit_arch: b{{ ansible_architecture | regex_replace('.*(\d\d$)','\1') }}
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80927-7
 - NIST-800-53-AC-2(4)
@@ -156,8 +156,8 @@
 state: present
 when: syscalls_found | length == 0
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80927-7
 - NIST-800-53-AC-2(4)
@@ -293,8 +293,8 @@
 state: present
 when: syscalls_found | length == 0
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - audit_arch == "b64"
 tags:
 - CCE-80927-7

bash remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_etc_group_open_by_handle_at' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_etc_group_open_by_handle_at
+++ xccdf_org.ssgproject.content_rule_audit_rules_etc_group_open_by_handle_at
@@ -1,5 +1,5 @@
 # Remediation is applicable only in certain platforms
-if rpm --quiet -q audit && [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
+if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
 # Retrieve hardware architecture of the underlying system

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_etc_group_open_by_handle_at' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_etc_group_open_by_handle_at
+++ xccdf_org.ssgproject.content_rule_audit_rules_etc_group_open_by_handle_at
@@ -19,8 +19,8 @@
 set_fact:
 audit_arch: b{{ ansible_architecture | regex_replace('.*(\d\d$)','\1') }}
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80929-3
 - NIST-800-53-AC-2(4)
@@ -156,8 +156,8 @@
 state: present
 when: syscalls_found | length == 0
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80929-3
 - NIST-800-53-AC-2(4)
@@ -293,8 +293,8 @@
 state: present
 when: syscalls_found | length == 0
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - audit_arch == "b64"
 tags:
 - CCE-80929-3

bash remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_etc_group_openat' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_etc_group_openat
+++ xccdf_org.ssgproject.content_rule_audit_rules_etc_group_openat
@@ -1,5 +1,5 @@
 # Remediation is applicable only in certain platforms
-if rpm --quiet -q audit && [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
+if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
 # Retrieve hardware architecture of the underlying system

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_etc_group_openat' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_etc_group_openat
+++ xccdf_org.ssgproject.content_rule_audit_rules_etc_group_openat
@@ -19,8 +19,8 @@
 set_fact:
 audit_arch: b{{ ansible_architecture | regex_replace('.*(\d\d$)','\1') }}
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80928-5
 - NIST-800-53-AC-2(4)
@@ -156,8 +156,8 @@
 state: present
 when: syscalls_found | length == 0
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80928-5
 - NIST-800-53-AC-2(4)
@@ -293,8 +293,8 @@
 state: present
 when: syscalls_found | length == 0
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - audit_arch == "b64"
 tags:
 - CCE-80928-5

bash remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_etc_gshadow_open' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_etc_gshadow_open
+++ xccdf_org.ssgproject.content_rule_audit_rules_etc_gshadow_open
@@ -1,5 +1,5 @@
 # Remediation is applicable only in certain platforms
-if rpm --quiet -q audit && [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
+if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
 # Retrieve hardware architecture of the underlying system

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_etc_gshadow_open' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_etc_gshadow_open
+++ xccdf_org.ssgproject.content_rule_audit_rules_etc_gshadow_open
@@ -19,8 +19,8 @@
 set_fact:
 audit_arch: b{{ ansible_architecture | regex_replace('.*(\d\d$)','\1') }}
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80959-0
 - NIST-800-53-AC-2(4)
@@ -156,8 +156,8 @@
 state: present
 when: syscalls_found | length == 0
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80959-0
 - NIST-800-53-AC-2(4)
@@ -293,8 +293,8 @@
 state: present
 when: syscalls_found | length == 0
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - audit_arch == "b64"
 tags:
 - CCE-80959-0

bash remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_etc_gshadow_open_by_handle_at' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_etc_gshadow_open_by_handle_at
+++ xccdf_org.ssgproject.content_rule_audit_rules_etc_gshadow_open_by_handle_at
@@ -1,5 +1,5 @@
 # Remediation is applicable only in certain platforms
-if rpm --quiet -q audit && [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
+if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
 # Retrieve hardware architecture of the underlying system

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_etc_gshadow_open_by_handle_at' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_etc_gshadow_open_by_handle_at
+++ xccdf_org.ssgproject.content_rule_audit_rules_etc_gshadow_open_by_handle_at
@@ -19,8 +19,8 @@
 set_fact:
 audit_arch: b{{ ansible_architecture | regex_replace('.*(\d\d$)','\1') }}
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80960-8
 - NIST-800-53-AC-2(4)
@@ -156,8 +156,8 @@
 state: present
 when: syscalls_found | length == 0
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80960-8
 - NIST-800-53-AC-2(4)
@@ -293,8 +293,8 @@
 state: present
 when: syscalls_found | length == 0
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - audit_arch == "b64"
 tags:
 - CCE-80960-8

bash remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_etc_gshadow_openat' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_etc_gshadow_openat
+++ xccdf_org.ssgproject.content_rule_audit_rules_etc_gshadow_openat
@@ -1,5 +1,5 @@
 # Remediation is applicable only in certain platforms
-if rpm --quiet -q audit && [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
+if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
 # Retrieve hardware architecture of the underlying system

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_etc_gshadow_openat' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_etc_gshadow_openat
+++ xccdf_org.ssgproject.content_rule_audit_rules_etc_gshadow_openat
@@ -19,8 +19,8 @@
 set_fact:
 audit_arch: b{{ ansible_architecture | regex_replace('.*(\d\d$)','\1') }}
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80961-6
 - NIST-800-53-AC-2(4)
@@ -156,8 +156,8 @@
 state: present
 when: syscalls_found | length == 0
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80961-6
 - NIST-800-53-AC-2(4)
@@ -293,8 +293,8 @@
 state: present
 when: syscalls_found | length == 0
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - audit_arch == "b64"
 tags:
 - CCE-80961-6

bash remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_open' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_open
+++ xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_open
@@ -1,5 +1,5 @@
 # Remediation is applicable only in certain platforms
-if rpm --quiet -q audit && [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
+if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
 # Retrieve hardware architecture of the underlying system

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_open' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_open
+++ xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_open
@@ -19,8 +19,8 @@
 set_fact:
 audit_arch: b{{ ansible_architecture | regex_replace('.*(\d\d$)','\1') }}
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80930-1
 - NIST-800-53-AC-2(4)
@@ -156,8 +156,8 @@
 state: present
 when: syscalls_found | length == 0
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80930-1
 - NIST-800-53-AC-2(4)
@@ -293,8 +293,8 @@
 state: present
 when: syscalls_found | length == 0
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - audit_arch == "b64"
 tags:
 - CCE-80930-1

bash remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_open_by_handle_at' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_open_by_handle_at
+++ xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_open_by_handle_at
@@ -1,5 +1,5 @@
 # Remediation is applicable only in certain platforms
-if rpm --quiet -q audit && [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
+if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
 # Retrieve hardware architecture of the underlying system

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_open_by_handle_at' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_open_by_handle_at
+++ xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_open_by_handle_at
@@ -19,8 +19,8 @@
 set_fact:
 audit_arch: b{{ ansible_architecture | regex_replace('.*(\d\d$)','\1') }}
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80932-7
 - NIST-800-53-AC-2(4)
@@ -156,8 +156,8 @@
 state: present
 when: syscalls_found | length == 0
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80932-7
 - NIST-800-53-AC-2(4)
@@ -293,8 +293,8 @@
 state: present
 when: syscalls_found | length == 0
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - audit_arch == "b64"
 tags:
 - CCE-80932-7

bash remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_openat' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_openat
+++ xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_openat
@@ -1,5 +1,5 @@
 # Remediation is applicable only in certain platforms
-if rpm --quiet -q audit && [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
+if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
 # Retrieve hardware architecture of the underlying system

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_openat' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_openat
+++ xccdf_org.ssgproject.content_rule_audit_rules_etc_passwd_openat
@@ -19,8 +19,8 @@
 set_fact:
 audit_arch: b{{ ansible_architecture | regex_replace('.*(\d\d$)','\1') }}
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80931-9
 - NIST-800-53-AC-2(4)
@@ -156,8 +156,8 @@
 state: present
 when: syscalls_found | length == 0
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80931-9
 - NIST-800-53-AC-2(4)
@@ -293,8 +293,8 @@
 state: present
 when: syscalls_found | length == 0
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - audit_arch == "b64"
 tags:
 - CCE-80931-9

bash remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_etc_shadow_open' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_etc_shadow_open
+++ xccdf_org.ssgproject.content_rule_audit_rules_etc_shadow_open
@@ -1,5 +1,5 @@
 # Remediation is applicable only in certain platforms
-if rpm --quiet -q audit && [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
+if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
 # Retrieve hardware architecture of the underlying system

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_etc_shadow_open' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_etc_shadow_open
+++ xccdf_org.ssgproject.content_rule_audit_rules_etc_shadow_open
@@ -19,8 +19,8 @@
 set_fact:
 audit_arch: b{{ ansible_architecture | regex_replace('.*(\d\d$)','\1') }}
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80956-6
 - NIST-800-53-AC-2(4)
@@ -156,8 +156,8 @@
 state: present
 when: syscalls_found | length == 0
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80956-6
 - NIST-800-53-AC-2(4)
@@ -293,8 +293,8 @@
 state: present
 when: syscalls_found | length == 0
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - audit_arch == "b64"
 tags:
 - CCE-80956-6

bash remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_etc_shadow_open_by_handle_at' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_etc_shadow_open_by_handle_at
+++ xccdf_org.ssgproject.content_rule_audit_rules_etc_shadow_open_by_handle_at
@@ -1,5 +1,5 @@
 # Remediation is applicable only in certain platforms
-if rpm --quiet -q audit && [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
+if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
 # Retrieve hardware architecture of the underlying system

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_etc_shadow_open_by_handle_at' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_etc_shadow_open_by_handle_at
+++ xccdf_org.ssgproject.content_rule_audit_rules_etc_shadow_open_by_handle_at
@@ -19,8 +19,8 @@
 set_fact:
 audit_arch: b{{ ansible_architecture | regex_replace('.*(\d\d$)','\1') }}
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80957-4
 - NIST-800-53-AC-2(4)
@@ -156,8 +156,8 @@
 state: present
 when: syscalls_found | length == 0
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80957-4
 - NIST-800-53-AC-2(4)
@@ -293,8 +293,8 @@
 state: present
 when: syscalls_found | length == 0
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - audit_arch == "b64"
 tags:
 - CCE-80957-4

bash remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_etc_shadow_openat' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_etc_shadow_openat
+++ xccdf_org.ssgproject.content_rule_audit_rules_etc_shadow_openat
@@ -1,5 +1,5 @@
 # Remediation is applicable only in certain platforms
-if rpm --quiet -q audit && [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
+if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
 # Retrieve hardware architecture of the underlying system

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_etc_shadow_openat' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_etc_shadow_openat
+++ xccdf_org.ssgproject.content_rule_audit_rules_etc_shadow_openat
@@ -19,8 +19,8 @@
 set_fact:
 audit_arch: b{{ ansible_architecture | regex_replace('.*(\d\d$)','\1') }}
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80958-2
 - NIST-800-53-AC-2(4)
@@ -156,8 +156,8 @@
 state: present
 when: syscalls_found | length == 0
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80958-2
 - NIST-800-53-AC-2(4)
@@ -293,8 +293,8 @@
 state: present
 when: syscalls_found | length == 0
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - audit_arch == "b64"
 tags:
 - CCE-80958-2

bash remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_immutable' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_immutable
+++ xccdf_org.ssgproject.content_rule_audit_rules_immutable
@@ -1,5 +1,5 @@
 # Remediation is applicable only in certain platforms
-if rpm --quiet -q audit && [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
+if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && rpm --quiet -q audit; then
 
 # Traverse all of:
 #

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_immutable' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_immutable
+++ xccdf_org.ssgproject.content_rule_audit_rules_immutable
@@ -23,8 +23,8 @@
 patterns: '*.rules'
 register: find_rules_d
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80708-1
 - CJIS-5.4.1.1
@@ -49,8 +49,8 @@
 loop: '{{ find_rules_d.files | map(attribute=''path'') | list + [''/etc/audit/audit.rules'']
 }}'
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80708-1
 - CJIS-5.4.1.1
@@ -77,8 +77,8 @@
 - /etc/audit/audit.rules
 - /etc/audit/rules.d/immutable.rules
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80708-1
 - CJIS-5.4.1.1

bash remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_mac_modification' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_mac_modification
+++ xccdf_org.ssgproject.content_rule_audit_rules_mac_modification
@@ -1,5 +1,5 @@
 # Remediation is applicable only in certain platforms
-if rpm --quiet -q audit && [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
+if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && rpm --quiet -q audit; then
 
 # Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
 # Create a list of audit *.rules files that should be inspected for presence and correctness

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_mac_modification' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_mac_modification
+++ xccdf_org.ssgproject.content_rule_audit_rules_mac_modification
@@ -23,8 +23,8 @@
 patterns: '*.rules'
 register: find_existing_watch_rules_d
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80721-4
 - CJIS-5.4.1.1
@@ -47,8 +47,8 @@
 patterns: '*.rules'
 register: find_watch_key
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - find_existing_watch_rules_d.matched is defined and find_existing_watch_rules_d.matched
 == 0
 tags:
@@ -71,8 +71,8 @@
 all_files:
 - /etc/audit/rules.d/MAC-policy.rules
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - find_watch_key.matched is defined and find_watch_key.matched == 0 and find_existing_watch_rules_d.matched
 is defined and find_existing_watch_rules_d.matched == 0
 tags:
@@ -95,8 +95,8 @@
 all_files:
 - '{{ find_watch_key.files | map(attribute=''path'') | list | first }}'
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - find_watch_key.matched is defined and find_watch_key.matched > 0 and find_existing_watch_rules_d.matched
 is defined and find_existing_watch_rules_d.matched == 0
 tags:
@@ -121,8 +121,8 @@
 create: true
 mode: '0640'
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - find_existing_watch_rules_d.matched is defined and find_existing_watch_rules_d.matched
 == 0
 tags:
@@ -147,8 +147,8 @@
 patterns: audit.rules
 register: find_existing_watch_audit_rules
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80721-4
 - CJIS-5.4.1.1
@@ -172,8 +172,8 @@
 create: true
 mode: '0640'
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - find_existing_watch_audit_rules.matched is defined and find_existing_watch_audit_rules.matched
 == 0
 tags:

bash remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_media_export' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_media_export
+++ xccdf_org.ssgproject.content_rule_audit_rules_media_export
@@ -1,5 +1,5 @@
 # Remediation is applicable only in certain platforms
-if rpm --quiet -q audit && [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
+if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
 # Retrieve hardware architecture of the underlying system

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_media_export' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_media_export
+++ xccdf_org.ssgproject.content_rule_audit_rules_media_export
@@ -22,8 +22,8 @@
 set_fact:
 audit_arch: b{{ ansible_architecture | regex_replace('.*(\d\d$)','\1') }}
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80722-2
 - CJIS-5.4.1.1
@@ -162,8 +162,8 @@
 state: present
 when: syscalls_found | length == 0
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-80722-2
 - CJIS-5.4.1.1
@@ -302,8 +302,8 @@
 state: present
 when: syscalls_found | length == 0
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - audit_arch == "b64"
 tags:
 - CCE-80722-2

bash remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification
+++ xccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification
@@ -1,5 +1,5 @@
 # Remediation is applicable only in certain platforms
-if rpm --quiet -q audit && [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
+if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
 # Retrieve hardware architecture of the underlying system

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification
+++ xccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification
@@ -21,8 +21,8 @@
 set_fact:
 audit_arch: b{{ ansible_architecture | regex_replace('.*(\d\d$)','\1') }}
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 tags:
 - CCE-80723-0
 - CJIS-5.4.1.1
@@ -162,8 +162,8 @@
 state: present
 when: syscalls_found | length == 0
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 tags:
 - CCE-80723-0
 - CJIS-5.4.1.1
@@ -303,8 +303,8 @@
 state: present
 when: syscalls_found | length == 0
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - audit_arch == "b64"
 tags:
 - CCE-80723-0
@@ -329,8 +329,8 @@
 patterns: '*.rules'
 register: find_existing_watch_rules_d
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 tags:
 - CCE-80723-0
 - CJIS-5.4.1.1
@@ -354,8 +354,8 @@
 patterns: '*.rules'
 register: find_watch_key
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_existing_watch_rules_d.matched is defined and find_existing_watch_rules_d.matched
 == 0
 tags:
@@ -380,8 +380,8 @@
 all_files:
 - /etc/audit/rules.d/audit_rules_networkconfig_modification.rules
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_watch_key.matched is defined and find_watch_key.matched == 0 and find_existing_watch_rules_d.matched
 is defined and find_existing_watch_rules_d.matched == 0
 tags:
@@ -405,8 +405,8 @@
 all_files:
 - '{{ find_watch_key.files | map(attribute=''path'') | list | first }}'
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_watch_key.matched is defined and find_watch_key.matched > 0 and find_existing_watch_rules_d.matched
 is defined and find_existing_watch_rules_d.matched == 0
 tags:
@@ -432,8 +432,8 @@
 create: true
 mode: '0640'
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_existing_watch_rules_d.matched is defined and find_existing_watch_rules_d.matched
 == 0
 tags:
@@ -459,8 +459,8 @@
 patterns: audit.rules
 register: find_existing_watch_audit_rules
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 tags:
 - CCE-80723-0
 - CJIS-5.4.1.1
@@ -485,8 +485,8 @@
 create: true
 mode: '0640'
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_existing_watch_audit_rules.matched is defined and find_existing_watch_audit_rules.matched
 == 0
 tags:
@@ -512,8 +512,8 @@
 patterns: '*.rules'
 register: find_existing_watch_rules_d
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 tags:
 - CCE-80723-0
 - CJIS-5.4.1.1
@@ -537,8 +537,8 @@
 patterns: '*.rules'
 register: find_watch_key
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_existing_watch_rules_d.matched is defined and find_existing_watch_rules_d.matched
 == 0
 tags:
@@ -563,8 +563,8 @@
 all_files:
 - /etc/audit/rules.d/audit_rules_networkconfig_modification.rules
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_watch_key.matched is defined and find_watch_key.matched == 0 and find_existing_watch_rules_d.matched
 is defined and find_existing_watch_rules_d.matched == 0
 tags:
@@ -588,8 +588,8 @@
 all_files:
 - '{{ find_watch_key.files | map(attribute=''path'') | list | first }}'
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_watch_key.matched is defined and find_watch_key.matched > 0 and find_existing_watch_rules_d.matched
 is defined and find_existing_watch_rules_d.matched == 0
 tags:
@@ -615,8 +615,8 @@
 create: true
 mode: '0640'
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_existing_watch_rules_d.matched is defined and find_existing_watch_rules_d.matched
 == 0
 tags:
@@ -642,8 +642,8 @@
 patterns: audit.rules
 register: find_existing_watch_audit_rules
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 tags:
 - CCE-80723-0
 - CJIS-5.4.1.1
@@ -668,8 +668,8 @@
 create: true
 mode: '0640'
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_existing_watch_audit_rules.matched is defined and find_existing_watch_audit_rules.matched
 == 0
 tags:
@@ -695,8 +695,8 @@
 patterns: '*.rules'
 register: find_existing_watch_rules_d
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 tags:
 - CCE-80723-0
 - CJIS-5.4.1.1
@@ -720,8 +720,8 @@
 patterns: '*.rules'
 register: find_watch_key
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_existing_watch_rules_d.matched is defined and find_existing_watch_rules_d.matched
 == 0
 tags:
@@ -746,8 +746,8 @@
 all_files:
 - /etc/audit/rules.d/audit_rules_networkconfig_modification.rules
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_watch_key.matched is defined and find_watch_key.matched == 0 and find_existing_watch_rules_d.matched
 is defined and find_existing_watch_rules_d.matched == 0
 tags:
@@ -771,8 +771,8 @@
 all_files:
 - '{{ find_watch_key.files | map(attribute=''path'') | list | first }}'
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_watch_key.matched is defined and find_watch_key.matched > 0 and find_existing_watch_rules_d.matched
 is defined and find_existing_watch_rules_d.matched == 0
 tags:
@@ -798,8 +798,8 @@
 create: true
 mode: '0640'
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_existing_watch_rules_d.matched is defined and find_existing_watch_rules_d.matched
 == 0
 tags:
@@ -825,8 +825,8 @@
 patterns: audit.rules
 register: find_existing_watch_audit_rules
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 tags:
 - CCE-80723-0
 - CJIS-5.4.1.1
@@ -851,8 +851,8 @@
 create: true
 mode: '0640'
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_existing_watch_audit_rules.matched is defined and find_existing_watch_audit_rules.matched
 == 0
 tags:
@@ -878,8 +878,8 @@
 patterns: '*.rules'
 register: find_existing_watch_rules_d
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 tags:
 - CCE-80723-0
 - CJIS-5.4.1.1
@@ -903,8 +903,8 @@
 patterns: '*.rules'
 register: find_watch_key
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_existing_watch_rules_d.matched is defined and find_existing_watch_rules_d.matched
 == 0
 tags:
@@ -929,8 +929,8 @@
 all_files:
 - /etc/audit/rules.d/audit_rules_networkconfig_modification.rules
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_watch_key.matched is defined and find_watch_key.matched == 0 and find_existing_watch_rules_d.matched
 is defined and find_existing_watch_rules_d.matched == 0
 tags:
@@ -954,8 +954,8 @@
 all_files:
 - '{{ find_watch_key.files | map(attribute=''path'') | list | first }}'
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_watch_key.matched is defined and find_watch_key.matched > 0 and find_existing_watch_rules_d.matched
 is defined and find_existing_watch_rules_d.matched == 0
 tags:
@@ -981,8 +981,8 @@
 create: true
 mode: '0640'
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_existing_watch_rules_d.matched is defined and find_existing_watch_rules_d.matched
 == 0
 tags:
@@ -1008,8 +1008,8 @@
 patterns: audit.rules
 register: find_existing_watch_audit_rules
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 tags:
 - CCE-80723-0
 - CJIS-5.4.1.1
@@ -1034,8 +1034,8 @@
 create: true
 mode: '0640'
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_existing_watch_audit_rules.matched is defined and find_existing_watch_audit_rules.matched
 == 0
 tags:

bash remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_session_events' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_session_events
+++ xccdf_org.ssgproject.content_rule_audit_rules_session_events
@@ -1,5 +1,5 @@
 # Remediation is applicable only in certain platforms
-if rpm --quiet -q audit && [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
+if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && rpm --quiet -q audit; then
 
 # Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
 # Create a list of audit *.rules files that should be inspected for presence and correctness

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_session_events' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_session_events
+++ xccdf_org.ssgproject.content_rule_audit_rules_session_events
@@ -23,8 +23,8 @@
 patterns: '*.rules'
 register: find_existing_watch_rules_d
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 tags:
 - CCE-80742-0
 - CJIS-5.4.1.1
@@ -47,8 +47,8 @@
 patterns: '*.rules'
 register: find_watch_key
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_existing_watch_rules_d.matched is defined and find_existing_watch_rules_d.matched
 == 0
 tags:
@@ -71,8 +71,8 @@
 all_files:
 - /etc/audit/rules.d/session.rules
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_watch_key.matched is defined and find_watch_key.matched == 0 and find_existing_watch_rules_d.matched
 is defined and find_existing_watch_rules_d.matched == 0
 tags:
@@ -95,8 +95,8 @@
 all_files:
 - '{{ find_watch_key.files | map(attribute=''path'') | list | first }}'
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_watch_key.matched is defined and find_watch_key.matched > 0 and find_existing_watch_rules_d.matched
 is defined and find_existing_watch_rules_d.matched == 0
 tags:
@@ -121,8 +121,8 @@
 create: true
 mode: '0640'
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_existing_watch_rules_d.matched is defined and find_existing_watch_rules_d.matched
 == 0
 tags:
@@ -147,8 +147,8 @@
 patterns: audit.rules
 register: find_existing_watch_audit_rules
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 tags:
 - CCE-80742-0
 - CJIS-5.4.1.1
@@ -172,8 +172,8 @@
 create: true
 mode: '0640'
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_existing_watch_audit_rules.matched is defined and find_existing_watch_audit_rules.matched
 == 0
 tags:
@@ -198,8 +198,8 @@
 patterns: '*.rules'
 register: find_existing_watch_rules_d
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 tags:
 - CCE-80742-0
 - CJIS-5.4.1.1
@@ -222,8 +222,8 @@
 patterns: '*.rules'
 register: find_watch_key
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_existing_watch_rules_d.matched is defined and find_existing_watch_rules_d.matched
 == 0
 tags:
@@ -246,8 +246,8 @@
 all_files:
 - /etc/audit/rules.d/session.rules
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_watch_key.matched is defined and find_watch_key.matched == 0 and find_existing_watch_rules_d.matched
 is defined and find_existing_watch_rules_d.matched == 0
 tags:
@@ -270,8 +270,8 @@
 all_files:
 - '{{ find_watch_key.files | map(attribute=''path'') | list | first }}'
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_watch_key.matched is defined and find_watch_key.matched > 0 and find_existing_watch_rules_d.matched
 is defined and find_existing_watch_rules_d.matched == 0
 tags:
@@ -296,8 +296,8 @@
 create: true
 mode: '0640'
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_existing_watch_rules_d.matched is defined and find_existing_watch_rules_d.matched
 == 0
 tags:
@@ -322,8 +322,8 @@
 patterns: audit.rules
 register: find_existing_watch_audit_rules
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 tags:
 - CCE-80742-0
 - CJIS-5.4.1.1
@@ -347,8 +347,8 @@
 create: true
 mode: '0640'
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_existing_watch_audit_rules.matched is defined and find_existing_watch_audit_rules.matched
 == 0
 tags:
@@ -373,8 +373,8 @@
 patterns: '*.rules'
 register: find_existing_watch_rules_d
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 tags:
 - CCE-80742-0
 - CJIS-5.4.1.1
@@ -397,8 +397,8 @@
 patterns: '*.rules'
 register: find_watch_key
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_existing_watch_rules_d.matched is defined and find_existing_watch_rules_d.matched
 == 0
 tags:
@@ -421,8 +421,8 @@
 all_files:
 - /etc/audit/rules.d/session.rules
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_watch_key.matched is defined and find_watch_key.matched == 0 and find_existing_watch_rules_d.matched
 is defined and find_existing_watch_rules_d.matched == 0
 tags:
@@ -445,8 +445,8 @@
 all_files:
 - '{{ find_watch_key.files | map(attribute=''path'') | list | first }}'
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_watch_key.matched is defined and find_watch_key.matched > 0 and find_existing_watch_rules_d.matched
 is defined and find_existing_watch_rules_d.matched == 0
 tags:
@@ -471,8 +471,8 @@
 create: true
 mode: '0640'
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_existing_watch_rules_d.matched is defined and find_existing_watch_rules_d.matched
 == 0
 tags:
@@ -497,8 +497,8 @@
 patterns: audit.rules
 register: find_existing_watch_audit_rules
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 tags:
 - CCE-80742-0
 - CJIS-5.4.1.1
@@ -522,8 +522,8 @@
 create: true
 mode: '0640'
 when:
- - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
+ - '"audit" in ansible_facts.packages'
 - find_existing_watch_audit_rules.matched is defined and find_existing_watch_audit_rules.matched
 == 0
 tags:

bash remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_sudoers' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_sudoers
+++ xccdf_org.ssgproject.content_rule_audit_rules_sudoers
@@ -1,5 +1,5 @@
 # Remediation is applicable only in certain platforms
-if rpm --quiet -q audit && [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
+if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && rpm --quiet -q audit; then
 
 # Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
 # Create a list of audit *.rules files that should be inspected for presence and correctness

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_sudoers' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_sudoers
+++ xccdf_org.ssgproject.content_rule_audit_rules_sudoers
@@ -18,8 +18,8 @@
 patterns: '*.rules'
 register: find_existing_watch_rules_d
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-90175-1
 - DISA-STIG-RHEL-08-030171
@@ -37,8 +37,8 @@
 patterns: '*.rules'
 register: find_watch_key
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - find_existing_watch_rules_d.matched is defined and find_existing_watch_rules_d.matched
 == 0
 tags:
@@ -56,8 +56,8 @@
 all_files:
 - /etc/audit/rules.d/actions.rules
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - find_watch_key.matched is defined and find_watch_key.matched == 0 and find_existing_watch_rules_d.matched
 is defined and find_existing_watch_rules_d.matched == 0
 tags:
@@ -75,8 +75,8 @@
 all_files:
 - '{{ find_watch_key.files | map(attribute=''path'') | list | first }}'
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - find_watch_key.matched is defined and find_watch_key.matched > 0 and find_existing_watch_rules_d.matched
 is defined and find_existing_watch_rules_d.matched == 0
 tags:
@@ -96,8 +96,8 @@
 create: true
 mode: '0640'
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - find_existing_watch_rules_d.matched is defined and find_existing_watch_rules_d.matched
 == 0
 tags:
@@ -117,8 +117,8 @@
 patterns: audit.rules
 register: find_existing_watch_audit_rules
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-90175-1
 - DISA-STIG-RHEL-08-030171
@@ -137,8 +137,8 @@
 create: true
 mode: '0640'
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - find_existing_watch_audit_rules.matched is defined and find_existing_watch_audit_rules.matched
 == 0
 tags:

bash remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_sudoers_d' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_sudoers_d
+++ xccdf_org.ssgproject.content_rule_audit_rules_sudoers_d
@@ -1,5 +1,5 @@
 # Remediation is applicable only in certain platforms
-if rpm --quiet -q audit && [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
+if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && rpm --quiet -q audit; then
 
 # Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
 # Create a list of audit *.rules files that should be inspected for presence and correctness

ansible remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_sudoers_d' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_sudoers_d
+++ xccdf_org.ssgproject.content_rule_audit_rules_sudoers_d
@@ -18,8 +18,8 @@
 patterns: '*.rules'
 register: find_existing_watch_rules_d
 when:
+ - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 - '"audit" in ansible_facts.packages'
- - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podma

... The diff is trimmed here ...

@marcusburghardt
Update the test scenario scripts for newer sshd versions
c8bfe34 
As described in the sshd_set_keepalive rule description, after sshd 8.2
the behavior of ClientAliveCountMax was changed. In newer versions,
setting the value to 0 disables the timeout. To properly test the rule,
it is necessary to ensure the variable value in the scripts.
@marcusburghardt
Set the proper rule for RHEL8 STIG control file
a7f8945
@marcusburghardt marcusburghardt added productization-issue Issue found in upstream stabilization process. and removed productization-issue Issue found in upstream stabilization process. labels Nov 24, 2022
@marcusburghardt marcusburghardt changed the title Update the sshd_set_keepalive regarding ClientAliveCountMax Stabilization: Update the sshd_set_keepalive regarding ClientAliveCountMax Nov 28, 2022
@vojtapolasek vojtapolasek self-assigned this Nov 28, 2022
@marcusburghardt marcusburghardt mentioned this pull request Nov 28, 2022
Merged
vojtapolasek
vojtapolasek approved these changes Nov 28, 2022
View reviewed changes
Copy link
Collaborator

@vojtapolasek vojtapolasek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great, thank you.

@vojtapolasek vojtapolasek merged commit 1fe095b into ComplianceAsCode:stabilization-v0.1.65 Nov 28, 2022
@marcusburghardt marcusburghardt deleted the issue_9830 branch November 28, 2022 14:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vojtapolasek vojtapolasek vojtapolasek approved these changes

@ggbecker ggbecker Awaiting requested review from ggbecker

@jan-cerny jan-cerny Awaiting requested review from jan-cerny

@mildas mildas Awaiting requested review from mildas

@yuumasato yuumasato Awaiting requested review from yuumasato

Assignees

@vojtapolasek vojtapolasek

Labels
bugfix Fixes to reported bugs. Update Rule Issues or pull requests related to Rules updates.
Projects
None yet
Milestone
0.1.65
Development

Successfully merging this pull request may close these issues.
2 participants
@marcusburghardt @vojtapolasek