Disable remediation for accounts_umask_interactive_users on Ubuntu
Description:
- Disable remediation for rule accounts_umask_interactive_users on Ubuntu by redefining the platform keyword.
Rationale:
- Remediation is too intrusive and modifies files in user's home directory.
- The CIS guide (Ubuntu 22.04 v1, also RHEL8 v3), although it mentions ~/.bashrc and ~/.profile, does not actually audit or fix files in user's home directory. In this PR we only remove the fix and retain the audit as it can be useful to the user and is not intrusive.
Additional information
Individual platforms are defined based on the following output. Note that in many cases, the rule is listed under 'related_rules' and is thus not used to generate the content.
$ git grep "- accounts_umask_interactive_users" products/ controls/
controls/cis_rhel7.yml: - accounts_umask_interactive_users
controls/cis_rhel8.yml: - accounts_umask_interactive_users
controls/srg_gpos/SRG-OS-000480-GPOS-00227.yml: - accounts_umask_interactive_users
controls/stig_rhel9.yml: - accounts_umask_interactive_users
products/ol7/profiles/stig.profile: - accounts_umask_interactive_users
products/ol8/profiles/stig.profile: - accounts_umask_interactive_users
products/rhel7/profiles/rhelh-stig.profile: - accounts_umask_interactive_users
products/rhel7/profiles/stig.profile: - accounts_umask_interactive_users
products/rhel8/profiles/stig.profile: - accounts_umask_interactive_users
products/rhv4/profiles/rhvh-stig.profile: - accounts_umask_interactive_users
products/sle15/profiles/default.profile: - accounts_umask_interactive_users
products/ubuntu2004/profiles/cis_level1_server.profile: - accounts_umask_interactive_users
products/ubuntu2204/profiles/cis_level1_server.profile: - accounts_umask_interactive_users
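An audit-only check of the kind the description wants to retain, written as an added example (it is not code from this PR or from the ComplianceAsCode project and does not reproduce the rule's own check). It assumes interactive accounts are those with UID 1000 or higher and a login shell, and that the required mask is 077; the function names and the fixture are constructed for illustration.

```shell
#!/bin/sh
# Audit-only check: list umask settings weaker than 077 in interactive users'
# dotfiles. Files are read, never modified.
audit_umask() {
    passwd_file=${1:-/etc/passwd}
    min_uid=${2:-1000}   # assumption: interactive accounts start at UID 1000
    out=$(awk -F: -v min="$min_uid" \
            '$3 >= min && $3 != 65534 && $7 !~ /(nologin|false)$/ { print $1 ":" $6 }' \
            "$passwd_file" |
        while IFS=: read -r user home; do
            [ -d "$home" ] || continue
            for f in "$home"/.[!.]*; do
                [ -f "$f" ] || continue
                # Uncommented "umask <octal>" lines; symbolic masks are not evaluated.
                for mask in $(sed -n 's/^[[:space:]]*umask[[:space:]][[:space:]]*\([0-7][0-7]*\).*/\1/p' "$f"); do
                    case $mask in
                        *77) ;;   # group and other digits are both 7: 077 or stricter
                        *) echo "FAIL $user $f umask $mask" ;;
                    esac
                done
            done
        done)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed fixture: a throwaway passwd file and home directories.
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/home/alice" "$d/home/bob" "$d/var/svc"
    printf 'umask 022\n' > "$d/home/alice/.bashrc"
    printf '# umask 022\numask 0077\n' > "$d/home/bob/.profile"
    printf 'umask 000\n' > "$d/var/svc/.profile"
    cat > "$d/passwd" <<EOF
root:x:0:0:root:/root:/bin/bash
svc:x:998:998::$d/var/svc:/usr/sbin/nologin
alice:x:1000:1000::$d/home/alice:/bin/bash
bob:x:1001:1001::$d/home/bob:/bin/bash
EOF
    echo "$d"
}

fixture=$(make_fixture)
audit_umask "$fixture/passwd" || echo "non-compliant dotfiles found"
rm -rf "$fixture"
```

The function returns non-zero when it reports a finding, so it can gate a compliance job without touching anything in a home directory.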
Hi @mpurg. Thanks for your PR.
I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.
Once the patch is verified, the new status will be reflected by the ok-to-test label.
I understand the commands that are listed here.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
Start a new ephemeral environment with changes proposed in this pull request:
Code Climate has analyzed commit d24cf5a7 and detected 0 issues on this pull request.
The test coverage on the diff in this pull request is 100.0% (50% is the threshold).
This pull request will bring the total coverage in the repository to 58.3% (0.0% change).
View more on Code Climate.
FYI @Xeicker