Marcus Burghardt

Results 191 comments of Marcus Burghardt

I also agree to have it in systems with GUI. To complement, the process to enable smartcards, besides the GNOME settings, depends on PAM settings. The respective PAM rule was...

Hi @alexhaydock, good catch on that. I agree that a likely invalid and certainly undesired value should not be "blindly" set for remote host in this context, for...

I have some concerns with this approach. Checking the latest STIG benchmarks for RHEL8 and OL8, I confirmed they are almost the same, except the RHEL8 requirement (https://www.stigviewer.com/stig/red_hat_enterprise_linux_8/2021-12-03/finding/V-230302) includes an...

> @marcusburghardt well in that case I think it is reasonable to add a check in OVAL to verify that all interactive users have their home directories in `/home`. What...

It would also be great to have test scenarios in this template, so we can better test the affected rules. It is possible to use the `mount_option_home_nosuid` rule as reference.

There is an issue with the same CCE used in two rules:

```
44/173 Test #44: unique-cces .........................................................***Failed 0.39 sec
cce CCE-91546-2 is included in files:
 - linux_os/guide/system/selinux/selinux_policytype/rule.yml
 - linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_deny_root/rule.yml...
```

> > The changes LGTM.
> >
> > But as distros adopt newer versions of `krb5` this rule will not be needed anymore. So how about also restricting the products this...

> I may have found another similar issue here @marcusburghardt:
>
> https://github.com/ComplianceAsCode/content/blob/8abc99327c0e2fd529195a0ac962b52c27141fd2/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/ansible/shared.yml#L11
>
> The regex: `(^[\s]*[^#]umask)\s+(\d+)` doesn't match `umask 077` for example.
>
> https://regex101.com/r/qoL1w7/1

For the `accounts_umask_etc_profile`...

I will fix the `stable-profiles` test result soon.