content

content copied to clipboard

CMP-3182: Remove unnecessary 4.2.yml assertion files

3

https://github.com/ComplianceAsCode/content/pull/12216 included an extra assertion file for 4.2.yml which we don't need. Likely a typo for 4.12.yml, which was included in the same commit.

rhmdnd

The `old-new` test for `enable_fips_mode` rules is failing

2

#### Description of problem: The `old-new` test for `enable_fips_mode` rules is failing in productization. #### SCAP Security Guide Version: deb05e5f41176b3e3221025309b5b45fcd30ef92 #### Operating System Version: RHEL8, RHEL9 #### Additional Information/Debugging Steps:...

evgenyz

add variable to network providers and add cilium per default

2

#### Description: This PR adds Cilium to the default regex which is checked to see if the CNI Plugin used provides support for network-policies. This PR also makes this value...

sluetze

Incorrect error for "Verify Permissions on the system journal" (Ubuntu 22.04 STIG)

10

#### Description of problem: The `Verify Permissions on the system journal` check for the Ubuntu 22.04 STIG ruleset is slightly off. The check at https://github.com/ComplianceAsCode/content/blob/21a4c72c55245b055fbf2d767beb7e7e704e37e7/linux_os/guide/system/logging/journald/file_permissions_system_journal/rule.yml#L66 checks for `0640` as the...

jaredledvina

ForwardToSyslog via drop-in-file

1

The problem from #9907 also occurs for Ubuntu 24.04. The tests for Rule IDs: xccdf_org.ssgproject.content_rule_journald_forward_to_syslog Only test the content of /etc/systemd/journald.conf and remediations only focus on that files. However, the...

cambid

#### Description of problem: The content is misaligned with an external (third party) content that targets the same policy - typically, this means that a system hardened by our content...

Mab879

#### Description of problem: `sshd_use_approved_ciphers`, `sshd_use_strong_kex` and`sshd_use_strong_macs` have fixers that use `bash_replace_or_append('/etc/ssh/sshd_config')` Appending to `sshd_config` isn't always valid (if there are Match blocks at the end of the file), but...

jeepingben

OCPBUGS-38312: Add auto-remediation for rule service_systemd-coredump_disabled

9

#### Description: Add auto-remediation for rule service_systemd-coredump_disabled #### Rationale: - _Rationale here. Replace this text. Don't use the italics format!_ 1. add auto-remediation for rule service_systemd-coredump_disabled The rule rule service_systemd-coredump_disabled...

xiaojiey

[WIP]Update openshift cluster logging version to 6.1

2

#### Description: openshift logging 6.0 was not not supported since ocp 4.18, updated with logging 6.1 instead. #### Rationale: - _Rationale here. Replace this text. Don't use the italics format!_...

xiaojiey

Rule networkmanager_dns_mode is misaligned with DISA

1

#### Description of problem: The content is misaligned with an external (third party) content that targets the same policy - typically, this means that a system hardened by our content...

jan-cerny