Update the profile STIG for OL9
Description:
STIG profiles for OL9 are updated based on preliminary DISA requirements
Rationale:
This is a draft set of variables and rules within the profile to better align with the DISA STIG draft for OL9
Hi @mrkanon. Thanks for your PR.
I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.
Once the patch is verified, the new status will be reflected by the ok-to-test label.
I understand the commands that are listed here.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
Start a new ephemeral environment with changes proposed in this pull request:
rhel8 (from CTF) Environment (using Fedora as testing environment)
This datastream diff is auto generated by the check Compare DS/Generate Diff
OVAL for rule 'xccdf_org.ssgproject.content_rule_installed_OS_is_FIPS_certified' differs.
--- oval:ssg-installed_OS_is_FIPS_certified:def:1
+++ oval:ssg-installed_OS_is_FIPS_certified:def:1
@@ -4,6 +4,7 @@
extend_definition oval:ssg-installed_OS_is_rhcos4:def:1
extend_definition oval:ssg-installed_OS_is_ol7:def:1
extend_definition oval:ssg-installed_OS_is_ol8:def:1
+extend_definition oval:ssg-installed_OS_is_ol9:def:1
extend_definition oval:ssg-installed_OS_is_sle12:def:1
extend_definition oval:ssg-installed_OS_is_sle15:def:1
extend_definition oval:ssg-installed_OS_is_ubuntu1604:def:1
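Review bot: The added `extend_definition oval:ssg-installed_OS_is_ol9:def:1` line, placed after the ol8 entry, lets OL9 count as a platform for `installed_OS_is_FIPS_certified`, but the PR description grounds the change only in a draft DISA STIG and gives no basis for that listing. Please state in the description or in the rule's documentation why OL9 belongs in this definition, so that a pass on OL9 can be traced to a documented decision rather than to the profile update alone.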
:robot: A k8s content image for this PR is available at:
ghcr.io/complianceascode/k8scontent:12021
This image was built from commit: 5f7d1603c687a893a2e9637d488c63c08c561691
If you already have Compliance Operator deployed:
utils/build_ds_container.py -i ghcr.io/complianceascode/k8scontent:12021
Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and:
CONTENT_IMAGE=ghcr.io/complianceascode/k8scontent:12021 make deploy-local
@Xeicker the author sent a force-push after the approval. We have to review the whole PR again before merging it.
@mrkanon whenever possible, avoid overwriting existing commits after a review. It is fine to create an additional commit with the new changes. It also makes the review process easier. In some cases it could be reasonable to rework an existing commit and force-push it. In this case, make clear the reason and what was changed. Thanks for the contributions! :+1:
Code Climate has analyzed commit 5f7d1603 and detected 0 issues on this pull request.
The test coverage on the diff in this pull request is 100.0% (50% is the threshold).
This pull request will bring the total coverage in the repository to 59.4% (0.0% change).
@marcusburghardt @Xeicker The changes in the push-force were to clean up the commit history, since in the Adjust variables in product OL9 commit some lines with unresolved conflicts were published, which were resolved in the Final commit of fix build problems; some final spaces have also been eliminated. An apology for the rework.
@marcusburghardt Hi, sure, I'll check it completely. Edit: I see @mrkanon already commented on the rationale; we'll try to avoid this in the future.
All good @mrkanon and @Xeicker. Thanks for the contributions and the information. :+1:
The errors are not in the scope of this MR so I'll merge it
The errors are:
ERROR - Environment failed to prepare, skipping test
&
ERROR - Rule evaluation resulted in error, instead of expected fixed during remediation stage
ERROR - The remediation failed for rule 'xccdf_org.ssgproject.content_rule_file_ownership_audit_configuration'.