content

content copied to clipboard

CMP-3566: Ensure a CLF exists and check for secure URLs

10

#### Description: - Add an unfiltered yamlpath to check for existence of ClusterLogForwarders. - Copy the existing check and add the check for CLF existence #### Rationale: - The cluster...

yuumasato

Add new build option to generate ansible roles out of profile ansible playbooks

4

#### Description: - Add new build option to generate ansible roles out of profile ansible playbooks #### Rationale: - This is a first step towards Ansible Collection generation and publishing...

ggbecker

#### Description of problem: The linkchecker test uncovers a URL which returns 404. #### SCAP Security Guide Version: stabilization as of fd0ddbaf67dc4c2a5fc466982b5741d11ea8441c #### Operating System Version: tests run on Fedora...

vojtapolasek

#### Description of problem: On RHEL-8.10, remediating * `/hardening/host-os/ansible/cis` * `/hardening/host-os/ansible/cis_workstation_l2` * `/hardening/host-os/ansible/pci-dss` * `/hardening/host-os/ansible/anssi_bp28_high` fail because the Ansible remediation snippet doesn't get executed, likely due to ``` when: -...

comps

[CMP-3916] Test purpose only

2

#### Description: - _Description here. Replace this text. Don't use the italics format!_ #### Rationale: - _Rationale here. Replace this text. Don't use the italics format!_ - Fixes # _Issue...

xiaojiey

Error when running check content_rule_accounts_umask_interactive_users

2

#### Description of problem: Running the check xccdf_org.ssgproject.content_rule_accounts_umask_interactive_users results in an error. #### SCAP Security Guide Version: 0.1.78 #### Operating System Version: Ubuntu 22.04 LTS #### Steps to Reproduce: 1....

GHDEV00

CMP-3536: Add profile stability for OCP4 CIS profiles

1

We've reimplemented a variant of this testing in the ocp4e2e suite, but using the profile stability testing here saves us some resources and relies on some common tooling that already...

rhmdnd

Make CLO install channel change resilient

1

#### Description: - This patch probes the operator manifest to grab the latest available channel and use that to install CLO. #### Rationale: - Cluster Logging Operator keeps changing the...

yuumasato

Bad `separator_regex` value for validation of Postfix's `smtpd_client_restrictions` configuration-item.

1

#### Description of problem: The scan-regex for the Postfix `smtpd_client_restrictions` is too fragile. #### SCAP Security Guide Version: 0.1.77 #### Operating System Version: EL 9.6 - Red Hat - Oracle...

ferricoxide

xccdf_org.ssgproject.content_rule_audit_backlog_limit resets backlog limit even if set to valid value

3

#### Description of problem: On RHEL 9, we set audit_backlog_limit=32768. However, when running xccdf_org.ssgproject.content_rule_audit_backlog_limit it fails and remediation resets this back to audit_backlog_limit=8192. The logic behind the rule seems to...

abertolli