chef-os-hardening
chef-os-hardening copied to clipboard
dev-sec
This chef cookbook provides numerous security-related configurations, providing all-round base protection.
On systems with secure boot, `/boot/efi` is `vfat`, and disabling it causes the host to no longer boot cleanly. Depending on the environment, it may not boot at all. At...
This change is automatically generated by the Cookstyle Bot using the latest version of Cookstyle (7.31.1). Adopting changes suggested by Cookstyle improves cookbook readability, avoids common coding mistakes, and eases...
![cookstyle[bot] avatar](https://avatars.githubusercontent.com/in/78849?v=4 "cookstyle[bot] avatar"){kind=avatar}
**Describe the bug** Controls for test os-13 from the linux baseline is failing. **Expected behavior** `Pass` results for those tests. **Actual behavior** ```paste below × os-13: Protect cron directories and...
Command `chef exec rake lint` fails, foodcritic has apparently been deprecated, recommends using `cookstyle` ``` $ chef exec rake lint rake aborted! LoadError: cannot load such file -- foodcritic /home/zork/learn-chef-infra/chef-os-hardening/Rakefile:5:in...
**Describe the bug** ``` include_recipe 'os-hardening' ``` pam-auth-update --package prompts for debconf during the chef-run and it fails **Expected behavior** A clear and concise description of what you expected to...
**Describe the bug** When running kitchen acceptance testing with the `enforce_idempotency: true` option set under the provisioner. **Expected behavior** On multiple chef runs, when nothing changes, no changes should be...
Tests for it are included in the linux-baseline, but we do not have any implementation within this cookbook (See #181)
It would be cool to have it here, similar to the puppet PR https://github.com/dev-sec/puppet-os-hardening/pull/137
Fixes: https://github.com/dev-sec/chef-os-hardening/issues/250 Signed-off-by: Artem Sidorenko
**Describe the bug** OpenSuse CI job is failing constantly https://travis-ci.org/dev-sec/chef-os-hardening/jobs/517959157 **Expected behavior** It should pass **Additional context** it looks like a problem with wrong membership of /etc/shadow either here or...