Marcus Burghardt

icon company Red Hat icon location Germany

Results 191 comments of Marcus Burghardt

Fix crony.d config directory in Ansible in rule chronyd_or_ntpd_set_maxpoll

FYI @ComplianceAsCode/ubuntu-maintainers @ComplianceAsCode/suse-maintainers @ComplianceAsCode/oracle-maintainers

Fix crony.d config directory in Ansible in rule chronyd_or_ntpd_set_maxpoll

@Xeicker , could you also review, please? It also needs approval from @ComplianceAsCode/oracle-maintainers .

[DO NOT MERGE] Testing commit for TF logs workaround

Hi @mildas , is this PR still necessary?

You can't use `sed -i` on /etc/sysctl.d/*.conf

@neutronscott would you like to propose a PR to improve this? I would be happy to review it.

file_permission_user_init_files_root is misaligned with RHEL 9 STIG

It is likely related to https://github.com/ComplianceAsCode/content/pull/11729

file_permission_user_init_files_root is misaligned with RHEL 9 STIG

It seems fixed by https://github.com/ComplianceAsCode/content/pull/11890

no_shelllogin_for_systemaccounts is misaligned with DISA

Currently this is the relevant line in OVAL: `^(?!root).*:x:([\d]+):[\d]+:[^:]*:[^:]*:(?!\/usr\/sbin\/nologin|\/sbin\/nologin|\/bin\/sync|\/sbin\/shutdown|\/sbin\/halt|\/bin\/false|\/usr\/bin\/false).*$`

no_shelllogin_for_systemaccounts is misaligned with DISA

> IIUC using `/bin/false` will also prevent the user from login but `/sbin/nologin` will also display a message to the user that tries to login. I would say that for...

no_shelllogin_for_systemaccounts is misaligned with DISA

I am preparing the fix to restrict the list of shells in this OVAL. However, we should still talk to DISA so they can extend the check on their side...

ANSSI profile configures unsupported password hashing algorithm on RHEL 8

> pam_unix.so We can safely update this to use 65536 with sha512.