content icon indicating copy to clipboard operation
content copied to clipboard

verified publisher icon ComplianceAsCode

Metadata

Security automation content in SCAP, Bash, Ansible, and other formats

Results 630 content issues
Sort by recently updated
recently updated
newest added

sysctl template

2 comment

#### Share the context I want to check if sysctl is configured properly: I have a default config provided by the vendor (```/usr/lib/sysctl.d/...conf```). The values get overwritten by parameters saved...

truzzon avatar truzzon

enhancement
triaged

CMP-3978: Incorporate SSH version into obsolete parameter rules

4 comment

- **Add parameter for obsolete sshd configuration options** - **Only check ssh protocol if openssh < 7.0** - **Only check UsePrivilegeSeparation if openssh < 7.5**

rhmdnd avatar rhmdnd

OpenShift

Add python script to refresh the ansible galaxy roles on RedHatOfficial

2 comment

#### Description: - Helper script that triggers a refresh of the RHEL roles in the ansible galaxy.

ggbecker avatar ggbecker

Ansible
do-not-merge/work-in-progress

[duplicate] Add ATEX testing to the upstream CI workflows

2 comment

#### Description: - Atex workflow PR coming from a ComplianceAsCode branch, which should be able to use the secrets accordingly as we are not leaking them. Related to: https://github.com/ComplianceAsCode/content/pull/14203

ggbecker avatar ggbecker

Rule package_rsh_removed could return false positive on Ubuntu with OpenSCAP 1.4.3

2 comment

#### Description of problem: Since version [1.4.3](https://github.com/OpenSCAP/openscap/releases/tag/1.4.3), OpenSCAP's dpkg probe is able to handle virtual packages. This causes an issue with the [package_rsh_removed](https://github.com/ComplianceAsCode/content/blob/master/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml) rule. The [package_rsh_removed](https://github.com/ComplianceAsCode/content/blob/master/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml) rule checks for the...

0intro avatar 0intro

Debian
Ubuntu
triaged

[RFE-6859] Configurable cipher suites

9 comment

#### Description: This PR adds the ability to configure the cipher suites for the different components in OCP It also adds remediations / makes them configurable and fixes some minor...

sluetze avatar sluetze

OpenShift
needs-ok-to-test

`mount_option_nodev_nonroot_local_partitions` makes UEFI systems unbootable

1 comment

#### Description of problem: Sometimes, when remediating the rule, the system fails to reboot with ``` [ 5.330253] systemd[1]: Mounting /efi... [ 5.655505] FAT-fs (xvda2): Unrecognized mount option "fd=48" or...

comps avatar comps

RHEL
productization-issue
RHEL9
triaged

Some rules scan the hypershift management cluster

#### Description of problem: Some rules don't respect the `ocp4-hypershift-cluster` and `ocp4-hypershift-namespace-prefix` variables, so they scan the management cluster and not the guest one, thus produce incorrect results. List of...

smrtrfszm avatar smrtrfszm

Firewalld-related remediation rules fail on first run but pass on second run in Rocky Linux 9

#### Description of problem: While running the remediate command on a Rocky Linux 9 machine using the CIS Server Level 1 profile (xccdf_org.ssgproject.content_profile_cis_server_l1), the following rules fail during the first...

ojasva-awasthi avatar ojasva-awasthi

triaged

Show CCE identifiers in the HTML rendered control files

2 comment

#### Description: - Show CCE identifiers in the HTML rendered control files. #### Rationale: - CCE are good to uniquely identify rules. - Supersedes #13890 #### Review Hints: - ./build_product...

ggbecker avatar ggbecker

Metadata

2.1k
Stars
671
Forks
Watchers

Owner

verified publisher icon ComplianceAsCode

Metadata

Security automation content in SCAP, Bash, Ansible, and other formats

Back