content icon indicating copy to clipboard operation
content copied to clipboard
verified publisher icon ComplianceAsCode

CMP-3978: Incorporate SSH version into obsolete parameter rules

Open rhmdnd opened this issue 1 month ago • 4 comments

  • Add parameter for obsolete sshd configuration options
  • Only check ssh protocol if openssh < 7.0
  • Only check UsePrivilegeSeparation if openssh < 7.5

rhmdnd avatar Nov 26 '25 18:11 rhmdnd

Why not just platform: package[openssh-server]<7.0?

evgenyz avatar Nov 27 '25 11:11 evgenyz

See: linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/rule.yml

evgenyz avatar Nov 27 '25 11:11 evgenyz

You will need add the package to shared/applicability/package.yml

Mab879 avatar Dec 03 '25 15:12 Mab879

@rhmdnd: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-aws-openshift-node-compliance 2c0f9b10bb89fbf9381e8853f94a1326bb98ceb5 link true /test e2e-aws-openshift-node-compliance

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

openshift-ci[bot] avatar Dec 03 '25 21:12 openshift-ci[bot]