Watson Yuuma Sato
Watson Yuuma Sato
#### Description: - In RHEL8, drop Anaconda remediations not applicable for RHV - They are breaking hardened install with oscap-anaconda-addon - Add remediation conditonals for `ovirt` and `no_ovirt` CPEs -...
#### Description of problem: Remediation of rule `grub2_ipv6_disable_argument` in CIS profile makes all sysctl ipv6 variable unavailable, causing sysctl ipv6 rules to `fail`. After remediation of `grub2_ipv6_disable_argument`, the following rules...
The template for `service_enabled` creates new criterions for `package_installed` instead of extending. If a rule for the package installed already exists, this will end up creating two similar OVAL objects:...
#### Description: - As the rule is parametrized to use a variable, the check should use it for remediation. #### Rationale: - The rule's extended definition checks are leveragin the...
#### Description: - Remove `github-token` from the `Upsert comment on the PR` job. #### Rationale: - Addresses two warning: https://github.com/ComplianceAsCode/content/actions/runs/7961404888 - It seems that the default value of `${{ github.token...
#### Description: - Based on the Manual OCP4 STIG Benchmark and the SRG_CTR add a OCP4 STIG specific control file. - With the OCP4 STIG control file we can leverage...
#### Description: - The correct path for the db lock file is: /etc/openvswitch/.conf.db.~lock~ - Note: the rule checked the correct path. Only the description was incorrect. #### Rationale: - The...
#### Description: - `3.1`, `3.2`, `3.3`, `3.4`, `3.7` are not applicable to OCP. - `3.5` is partially applicable, due to Requirement `3.5.1`. - `3.6` is inherently met.
#### Description: - Let's use `oauth_or_oauthclient_inactivity_timeout` instead of `oautclient_inactivity_timeout`. #### Rationale: - The former rule checks for server and client token timeout configuration is multiple places and remediates the server...
#### Description: - Re-add the syctl runtime checks to test https://github.com/ComplianceAsCode/compliance-operator/pull/497 #### Rationale: - It seems taht when CO's "scanner" pod has "HostNetwork" option set to true, these sysctls are...