Add postfix package requirement and audit retention controls to multiple profile controls#14612
Add postfix package requirement and audit retention controls to multiple profile controls#14612Arden97 wants to merge 4 commits intoComplianceAsCode:masterfrom
Conversation
openshift-ci
bot
added
the
do-not-merge/work-in-progress
|
Skipping CI for Draft Pull Request. |
Arden97
requested review from
a team,
Mab879,
jan-cerny,
matusmarhefka and
vojtapolasek
as code owners
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
|
@ComplianceAsCode/suse-maintainers can you please take a look as well? |
teacup-on-rockingchair
left a comment
teacup-on-rockingchair
left a comment
There was a problem hiding this comment.
In products/sle15/profiles/pci-dss-4.profile can you please add a line
- !package_postfix_installed
So the checks for missing CCE is not failing for sle15 platform
Mab879
left a comment
Mab879
left a comment
There was a problem hiding this comment.
The following rules in ssg-sle12-ds.xml are missing CCEs:
xccdf_org.ssgproject.content_rule_package_postfix_installed
Can you double check this?
Hey @Mab879 since @Arden97 was struggling for some time with that one, and it seems that the solution was not obvious simply to exclude the rule from the default and pci-dss profile I suggested in #14612 (comment) that he can go on like this and once he merges his effort I will handle it in a separate PR |
|
@teacup-on-rockingchair no worries, the solution was to update both sle12 |
3 participants
Description:
auditdemail-related error forcis,pci-dss,stigandhipaaprofilesRationale:
package_postfix_installedrule to profile controlscis_*option forvar_auditd_space_left_actionstill allowsemailvalue forspace_left_actionin/etc/audit/auditd.conf./usr/lib/sendmailis not executable after hardening #14560Review Hints:
atexto reserve testing environment and run/scanning/boot-errors/test for updated profiles