RHEL8-CIS icon indicating copy to clipboard operation
RHEL8-CIS copied to clipboard

Published 20 hours ago verified publisher icon ansible-lockdown

Section 1.1.7.4 - 1.1.7.5

Open flwitten opened this issue 2 years ago • 2 comments

Question Shouldn't there be more todo than just adding userquota and groupquota? According to the CIS Benchmark document following steps are taken:

  • add boot option
  • remount
  • create quota db
  • restorecon
  • enable quotas

Environment (please complete the following information):

  • Ansible Version: core 2.11.10
  • Host Python Version: 3.6.8
  • Ansible Server Python Version: 3.6.8
  • Additional Details:

flwitten avatar Apr 16 '22 20:04 flwitten

In addition it seems that the proposed remediation is only valid for ext4 but the default filesystem is xfs.

flwitten avatar Apr 17 '22 08:04 flwitten

hi @flwitten

Thank you for raising this issue, apologies for the delay in responding. This is a difficult one to work upon. As you mentioned it has a few challenges with many variations filesystems sizing etc, to use quotas this needs another package installed as well. As it currently stands I feel we can leave it as is. Due to the very fact it needs a lot setup which then becomes user specific. :) If the community has any ideas on the approach that they would like be seen happy to discuss this and see how we can achieve it.

Best regards

uk-bolly

uk-bolly avatar Jun 08 '22 15:06 uk-bolly

Closing this ticket due to being stale

georgenalen avatar Nov 18 '22 14:11 georgenalen