Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Update dconf_gnome_disable_ctrlaltdel_reboot and select it in RHEL7 STIG profile. #5993

Merged
merged 2 commits into from
Aug 10, 2020
Merged

Update dconf_gnome_disable_ctrlaltdel_reboot and select it in RHEL7 STIG profile. #5993

merged 2 commits into from
Aug 10, 2020

Conversation

ggbecker
Copy link
Member

Description:

Rationale:

Reference: https://vaulted.io/library/disa-stigs-srgs/red_hat_enterprise_linux_7_security_technical_implementation_guide/V-94843?version=v2r7

@ggbecker ggbecker added this to the 0.1.52 milestone Aug 10, 2020
@ggbecker ggbecker requested a review from redhatrises August 10, 2020 12:58
@ggbecker ggbecker force-pushed the update-stig-RHEL-07-020231 branch from a4613b7 to 978d72c Compare August 10, 2020 13:09
@vojtapolasek vojtapolasek self-assigned this Aug 10, 2020
@ggbecker ggbecker changed the title Update dconf_gnome_disable_ctrlaltdel_reboot and select it in RHEL7 STIG profile. WIP: Update dconf_gnome_disable_ctrlaltdel_reboot and select it in RHEL7 STIG profile. Aug 10, 2020
@openshift-ci-robot openshift-ci-robot added the do-not-merge/work-in-progress Used by openshift-ci bot. label Aug 10, 2020
vojtapolasek
vojtapolasek requested changes Aug 10, 2020
View reviewed changes
Copy link
Collaborator

@vojtapolasek vojtapolasek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for modifications, please see comments.

@vojtapolasek
Copy link
Collaborator

Also note this relted PR:
#5900

@ggbecker
Copy link
Member Author

ggbecker commented Aug 10, 2020
edited
Loading

Also note this relted PR:
#5900

Ok. I see that they had the intention to completely remove the support of spaces in the regex, but I have noticed that both dconf and gsettings can read a key even if there is spaces around the equal sign. So I'll put that in the OVAL.

@ggbecker ggbecker force-pushed the update-stig-RHEL-07-020231 branch from 978d72c to dbb4aa7 Compare August 10, 2020 15:52
@mildas
Copy link
Contributor

mildas commented Aug 10, 2020

Changes identified:
Rule dconf_gnome_disable_ctrlaltdel_reboot:
 Ansible remediation changed.
 Text changed in OVAL check.
 Template usage changed in ansible remediation.
Profile stig on rhel7:
 Rule dconf_gnome_disable_ctrlaltdel_reboot added to stig profile.

Recommended tests to execute:
 build_product rhel7
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-rhel7-ds.xml dconf_gnome_disable_ctrlaltdel_reboot
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-rhel7-ds.xml dconf_gnome_disable_ctrlaltdel_reboot
 tests/test_suite.py profile --libvirt qemu:///system test-suite-vm --datastream build/ssg-rhel7-ds.xml stig

@ggbecker ggbecker requested a review from vojtapolasek August 10, 2020 16:16
@ggbecker ggbecker changed the title WIP: Update dconf_gnome_disable_ctrlaltdel_reboot and select it in RHEL7 STIG profile. Update dconf_gnome_disable_ctrlaltdel_reboot and select it in RHEL7 STIG profile. Aug 10, 2020
@openshift-ci-robot openshift-ci-robot removed the do-not-merge/work-in-progress Used by openshift-ci bot. label Aug 10, 2020
@openshift-ci-robot
Copy link
Collaborator

@ggbecker: The following tests failed, say /retest to rerun all failed tests:

Test name Commit Details Rerun command
ci/prow/e2e-aws-ocp4-moderate dbb4aa7 link /test e2e-aws-ocp4-moderate
ci/prow/e2e-aws-rhcos4-moderate dbb4aa7 link /test e2e-aws-rhcos4-moderate

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@vojtapolasek
Copy link
Collaborator

Looks good, thank you.

@vojtapolasek vojtapolasek merged commit d8fb782 into ComplianceAsCode:master Aug 10, 2020
@vojtapolasek vojtapolasek mentioned this pull request Aug 11, 2020
Closed
ggbecker pushed a commit to ggbecker/content that referenced this pull request Aug 11, 2020
@vojtapolasek @ggbecker
Merge pull request ComplianceAsCode#5993 from ggbecker/update-stig-RH…
ee86651 
…EL-07-020231

Update dconf_gnome_disable_ctrlaltdel_reboot and select it in RHEL7 STIG profile.
@marcusburghardt marcusburghardt added RHEL7 Red Hat Enterprise Linux 7 product related. STIG STIG Benchmark related. labels Jun 23, 2022
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@vojtapolasek vojtapolasek vojtapolasek approved these changes

@redhatrises redhatrises Awaiting requested review from redhatrises

Assignees

@vojtapolasek vojtapolasek

Labels
RHEL7 Red Hat Enterprise Linux 7 product related. STIG STIG Benchmark related.
Projects
None yet
Milestone
0.1.52
Development

Successfully merging this pull request may close these issues.
5 participants
@ggbecker @vojtapolasek @mildas @openshift-ci-robot @marcusburghardt