Bug #27375
open
Backport improvement made on RHEL8 to RHEL9 and new benchmarks when created
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
No
Description
This is a meta ticket that lists the improvements that have been made as part of RHEL8 development
- all login.defs management should go through file_augeas_audit (like 4.5.1.3)

    _audit_items = [
        rudder.Method {
            method = "file_augeas"
            params = {
                path = "/etc/login.defs"
                script = r"""check /files/etc/login.defs/PASS_WARN_AGE >= ${login_defs_pass_warn_age}"""
            }
        }
    ]
    _enforce_items = [
        rudder.Method {
            method = "file_augeas"
            params = {
                path = "/etc/login.defs"
                script = r"""set /files/etc/login.defs/PASS_WARN_AGE ${login_defs_pass_warn_age}"""
                if_script = r"""check /files/etc/login.defs/PASS_WARN_AGE < ${login_defs_pass_warn_age}"""
            }
        }
    ]

- gdm configuration should use file_lines_absent (like for 1.8.10)

    _1_8_10 = hardening.Leaf {
        _item_nb = "1.8.10"
        id = "70b29b74-4688-4b4c-b052-dddb8e5b6312"
        _audit_items = [rudder.Method {
            method = "file_lines_absent"
            params = {
                path = "/etc/gdm/custom.conf"
                lines = "^\s*Enable\s*=\s*true"
            }
        }]
    }

- confusion in key-value for inet_interfaces = loopback-only
- control on firewall had a wrong command - check https://issues.rudder.io/issues/27345 (todo: fix in RHEL9)
- ssh check on denyuser was not made https://issues.rudder.io/issues/27340
ssh could benefit from file_augeas, but we check the output of sshd -T; so maybe we ought to write it in a file?
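
An added illustration (not part of the ticket and not Rudder's own code) of the audit/enforce split in the login.defs item above, in plain Python: audit passes when PASS_WARN_AGE is at least the threshold, and enforce rewrites the value only when it is lower. The function names, the sample file content and the handling of an unset key are assumptions.

```python
import re

# Matches the first active "PASS_WARN_AGE <number>" line; commented lines are ignored.
_KEY_RE = re.compile(r"^[ \t]*PASS_WARN_AGE[ \t]+(\d+)[ \t]*$", re.MULTILINE)


def read_pass_warn_age(login_defs: str):
    """Return the configured PASS_WARN_AGE as an int, or None when it is not set."""
    match = _KEY_RE.search(login_defs)
    return int(match.group(1)) if match else None


def audit(login_defs: str, minimum: int) -> bool:
    """Audit mode: compliant only when the value exists and is >= minimum."""
    value = read_pass_warn_age(login_defs)
    return value is not None and value >= minimum


def enforce(login_defs: str, minimum: int) -> str:
    """Enforce mode: write the minimum only when the current value is too low.

    A value already at or above the minimum is left untouched, so a stricter
    local setting is not lowered to the benchmark value.
    """
    value = read_pass_warn_age(login_defs)
    if value is None:
        # Assumption: an unset key is treated as non-compliant and appended.
        sep = "" if login_defs.endswith("\n") or not login_defs else "\n"
        return f"{login_defs}{sep}PASS_WARN_AGE\t{minimum}\n"
    if value < minimum:
        return _KEY_RE.sub(f"PASS_WARN_AGE\t{minimum}", login_defs, count=1)
    return login_defs


# Constructed sample input, not taken from a real host.
SAMPLE = "# Password aging controls\nPASS_MAX_DAYS\t365\nPASS_WARN_AGE\t3\n"

if __name__ == "__main__":
    print("audit before:", audit(SAMPLE, 7))
    print("audit after: ", audit(enforce(SAMPLE, 7), 7))
```
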
Updated by Nicolas CHARLES 3 days ago
- Description updated (diff)
- Target version set to 8.3