Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update accounts_password template for OL due to precedence confs #9935

Merged

Conversation

Xeicker
Copy link
Contributor

@Xeicker Xeicker commented Dec 6, 2022

Description:

  • Update accounts_password OVAL for OL to check/remove the configuration in system-auth. Since that one could override the configuration present in pwquality.conf
  • Update remediations for OL8 to remove confs in /etc/security/pwquality.conf.d/ to ensure there aren't non compliant configurations there

Rationale:

  • This manages better the system behavior due to configuration precedences

Review Hints:

  • Automatus test should be enough to validate this new behavior

@openshift-ci openshift-ci bot added the needs-ok-to-test Used by openshift-ci bot. label Dec 6, 2022
@openshift-ci
Copy link

openshift-ci bot commented Dec 6, 2022

Hi @Xeicker. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@github-actions
Copy link

github-actions bot commented Dec 6, 2022

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

@Mab879 Mab879 requested a review from a team December 6, 2022 22:49
@Mab879 Mab879 added this to the 0.1.66 milestone Dec 6, 2022
@Mab879 Mab879 added Ansible Ansible remediation update. OVAL OVAL update. Related to the systems assessments. Bash Bash remediation update. Update Rule Issues or pull requests related to Rules updates. and removed Update Rule Issues or pull requests related to Rules updates. labels Dec 6, 2022
Copy link
Contributor

@freddieRv freddieRv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes LGTM.
Thank you @Xeicker

shared/templates/accounts_password/ansible.template Outdated Show resolved Hide resolved
shared/templates/accounts_password/ansible.template Outdated Show resolved Hide resolved
shared/templates/accounts_password/ansible.template Outdated Show resolved Hide resolved
shared/templates/accounts_password/ansible.template Outdated Show resolved Hide resolved
shared/templates/accounts_password/ansible.template Outdated Show resolved Hide resolved
shared/templates/accounts_password/ansible.template Outdated Show resolved Hide resolved
Copy link
Member

@marcusburghardt marcusburghardt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks

@marcusburghardt
Copy link
Member

@Xeicker , the testing-farm:fedora-37-x86_64 seems to be stuck and I can't restart it. Could you append this PR to re-trigger it, please?

Xeicker and others added 3 commits January 5, 2023 11:48
In Oracle Linux, when updating the options for pam_pwquality.so in
system-auth it takes precedence to what was set in pwquality.conf.
So this ensures that the configuration is not set in system-auth file

Signed-off-by: Edgar Aguilar <edgar.aguilar@oracle.com>
This validates the scenario when the pam_pwquality option is set in
system-auth

Signed-off-by: Edgar Aguilar <edgar.aguilar@oracle.com>
@codeclimate
Copy link

codeclimate bot commented Jan 5, 2023

Code Climate has analyzed commit 46defa1 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 49.8% (0.0% change).

View more on Code Climate.

@marcusburghardt marcusburghardt merged commit 0e084b2 into ComplianceAsCode:master Jan 6, 2023
@Xeicker Xeicker mentioned this pull request Feb 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Ansible Ansible remediation update. Bash Bash remediation update. needs-ok-to-test Used by openshift-ci bot. OVAL OVAL update. Related to the systems assessments.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants