content
Security automation content in SCAP, Bash, Ansible, and other formats
#### Description: This PR adds the ability to define a --namespace parameter for cluster-test in add_kubernetes_rule.py and defines "openshift-compliance" as default #### Rationale: While running `./utils/add_kubernetes_rule.py cluster-test --rule kubelet_anonymous_auth` there...
#### Description of problem: Investigate if other banners have the same issue as the one fixed by the following PR: https://github.com/ComplianceAsCode/content/pull/11826 There are banners like /etc/issue, /etc/issue.net for example.
#### Description of problem: fatal error when executing ansible-playbook on Ubuntu 20.04 with ubuntu2004-playbook-stig.yml: `error while evaluating conditional (result_pam_faillock_is_enabled.found == 0): 'dict object' has no attribute 'found'` `/etc/pam.d/system-auth` does not...
#### Description of problem: After applying the ANSSI BP028 High profile on RHEL 8, the `passwd` command refuses to change the password and logs suggest that sha512 algorithm is not...
#### Description of problem: harden_sshd_ciphers_opensshserver_conf_crypto_policy is misaligned with DISA #### Details: The SSG's rule checks for a specific list of ciphers. It fails because it finds this: ``` Ciphers [email protected],aes256-ctr,[email protected],aes128-ctr...
#### Description of problem: harden_sshd_ciphers_openssh_conf_crypto_policy is misaligned with DISA #### Outcome: SSG result: fail DISA result: pass The issue is present in these test variants: - oscap - ansible -...
#### Description of problem: file_permissions_library_dirs is misaligned with DISA #### Details: SSG's rule passes but DISA's rule flags 2 items that are violating the rule: - /lib/polkit-1/polkit-agent-helper-1 - /usr/lib/polkit-1/polkit-agent-helper-1 It...
#### Description of problem: service_pcscd_enabled is misaligned with DISA #### Details: The SSG's rule passes even if the service is inactive, it's enough if the corresponding socket is active, but...
#### Description of problem: accounts_password_pam_retry is misaligned with DISA #### Details: The SSG's rule checks multiple locations and finds `retry = 3` in `/etc/security/pwquality.conf`. The DISA's rule checks only `/etc/pam.d/system-auth`....
#### Description of problem: accounts_password_pam_pwhistory_remember_system_auth is misaligned with DISA #### Details: The SSG's rule allows setting the remember option also in /etc/security/pwhistory.conf and it prefers this file path. The...