Fix rule ubtu 20 010066 #12296
This datastream diff is auto generated by the check
New data stream adds ansible remediation for rule 'xccdf_org.ssgproject.content_rule_smartcard_configure_crl'.
Could you take a look at the failed tests, especially the
I think this one might be related to the fact that the conditional fails if the package is not properly installed beforehand, leading to that notapplicable error? So the fix might be adding in the template for ensuring that the package is installed.
This commit will add in ansible remediation for ubuntu for ensuring the proper definition is defined for smartcards.
Add semicolon (;) to string comparison
The package needed is part of the tests' dependencies: @Mab879 do you have any insights on why it seems that the needed package is not getting installed? Is it a bug in Ubuntu's automatus?
The last line looks suspicious to me
That's not really an issue: and installing apt-utils will cause other problems
Thank you for the helpful conversations on this. Seems like the packages are installing properly but I am curious, would the test fail / not be applicable if a command is invalid? (i.e., https://github.com/ComplianceAsCode/content/blob/master/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_crl/tests/commented.fail.sh#L6) The I have also tried a simpler test:
Which also results in a failure / not applicable when it should pass given the OVALs. Any thoughts on this?
9db5fa8 to a14d572
The packages (Dependencies) do not seem to be the problem. I was able to fix the environment setup and will add in a temporary WIP commit for the tests. I'm noticing that the environment sets up properly but openscap is still showing up as notapplicable when:
Errors also seem to persist on master branch... I have also tried testing out the extended criteria
Code Climate has analyzed commit 200c341 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 59.4% (0.0% change).
Description:
Original PR: #11078
Rationale:
Review Hints:
Build the product:
To test these changes with Ansible:
To test changes with bash, run the remediation section:
xccdf_org.ssgproject.content_rule_install_smartcard_packages and xccdf_org.ssgproject.content_rule_smartcard_configure_crl. The install_smartcard_packages is required so that tasks in smartcard_configure_crl can run.
Check out Manual STIG OVAL definitions, and use software like DISA STIG Viewer to view definitions.
This STIG can be tested with the latest Ubuntu 2004 Benchmark SCAP. For reference, please review the latest artifacts: https://public.cyber.mil/stigs/downloads/