Jan Černý comments

Results 394 comments of


                                            Jan Černý

Use Sequoia in RHEL 10 instead of GPG

@ComplianceAsCode/suse-maintainers @ComplianceAsCode/ubuntu-maintainers @ComplianceAsCode/oracle-maintainers Can you please review this? It shouldn't add anything to your product's profiles.

xccdf_org.ssgproject.content_rule_audit_backlog_limit resets backlog limit even if set to valid value

The problem is that the actual check is implemented in a way that it requires that value equals 8192. We need to change the OVAL check to accept also values...

xccdf_org.ssgproject.content_rule_audit_backlog_limit resets backlog limit even if set to valid value

No, it doesn't, the OVAL check for rule `grub2_audit_backlog_limit_argument` checks the bootloader configuration, ie. `/etc/default/grub` and `/boot/loader/entries` (and for Image Mode RHEL `/usr/lib/bootc/kargs.d/`). Setting `-b 8192` in `/etc/audit/rules.d` might be...

Why is configure_crypto_policy checking for existence of /etc/crypto-policies/back-ends/nss.config?

This comment https://github.com/ComplianceAsCode/content/pull/3748#issuecomment-462665269 suggests that it's checked to verify that the crypto policy is actually used and isn't overridden by manually inserted/modified configuration.