Marco Fortina

Results 21 comments of Marco Fortina

I confirm. Also SLES15 uses `/bin/false`: ![image](https://github.com/ComplianceAsCode/content/assets/102903237/5970bb23-4511-49ab-8749-7e1ff78581b3)

> > > for firewall rules you will need to use a tailoring file to select the firewall you want. By default the profile is enabled for nftables only. >...

> > I confirm. Also SLES15 uses `/bin/false`: > > ![image](https://private-user-images.githubusercontent.com/102903237/328156546-5970bb23-4511-49ab-8749-7e1ff78581b3.png) > > Could you include `sle15` in the condition, please? FYI @teacup-on-rockingchair done, but I included SLE because also...

> @marcofortina there is still one test failing on sles

Yes :( I'm installing a SLES15 vm right now to check the patched rule.

Checked manually on SLES15 vm. With this PR:
```
localhost:~/scap-security-guide/build # oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_cis --rule xccdf_org.ssgproject.content_rule_no_shelllogin_for_systemaccounts ssg-sle15-ds.xml
WARNING: Datastream component 'scap_org.open-scap_cref_pub-projects-security-oval-suse.linux.enterprise.15-patch.xml.bz2' points out to the remote 'https://ftp.suse.com/pub/projects/security/oval/suse.linux.enterprise.15-patch.xml.bz2'. Use...
```

```
ERROR - Rule 'no_shelllogin_for_systemaccounts' test setup script 'system_user_with_shell.fail.sh' failed with exit code 6
ERROR - Environment failed to prepare, skipping test
INFO - Script last_uid_min.pass.sh using profile (all) OK...
```

> The `database` message is just a warning and we are not yet planning to move to `database_in` now as this is not backwards compatible and the warning doesn't prevent...

Version 0.1.72 does not report this error:
```
Title   Ensure that System Accounts Do Not Run a Shell Upon Login
Rule    xccdf_org.ssgproject.content_rule_no_shelllogin_for_systemaccounts
Result  pass
```
master branch (commit 59013f66872e02613ba822587d7c5d57ba92cd9e): ```...

Last good commit c35978fb981d6938c1a40230e6a419cc128ed633:
```
Title   Ensure that System Accounts Do Not Run a Shell Upon Login
Rule    xccdf_org.ssgproject.content_rule_no_shelllogin_for_systemaccounts
Result  pass
```
From commit a936357f1f2226ce25ba478ee82217584ecd980f:
```
Title Ensure that System...
```

PR #11896 broke pass result on Ubuntu 22.04.

I agree on the usage of `/usr/sbin/nologin` instead of `/bin/false`, but only after all packages change their own users in `/etc/passwd` and...