RHEL 10 STIG Update #12348
RHEL 10 STIG Update #12348
Conversation
Mab879
added
Update Profile
openshift-ci
bot
added
the
do-not-merge/work-in-progress
|
Skipping CI for Draft Pull Request. |
|
Start a new ephemeral environment with changes proposed in this pull request: Fedora Environment Oracle Linux 8 Environment |
* Installing sudo with sudo is non-sense * Remove duplicate vuln_discussion
Fix yaml formatting
|
🤖 A k8s content image for this PR is available at: Click here to see how to deploy itIf you alread have Compliance Operator deployed: Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and: |
Mab879
force-pushed
the
rhel10_stig_beta_update
branch
from
3aa006d
to
1a8be2f
Compare
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
There was a problem hiding this comment.
The updates looks good to me. I only have some minor considerations regarding consistence, such as empty lines and quotes. I also saw that some rules are using vuldiscussion in their stig policy declaration while others use vuln_discussion. Are both accepted? It would be good to keep a consistence on this too.
linux_os/guide/system/software/updating/dnf-automatic_apply_updates/policy/stig/shared.yml
Show resolved
Hide resolved
|
Thanks for the review, I have cleaned up titles and empty lines. I cleaned up the I also remove the extraneous text in the GitHub Actions file. |
There was a problem hiding this comment.
LGTM. There is a lot of changes related to text. They were automated and shouldn't have any technical impact, but it would be good other eyes to also take a look if I missed any typo. @ggbecker , could you also take a look, please?
linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/policy/stig/shared.yml
Outdated
Show resolved
Hide resolved
linux_os/guide/services/mail/package_s-nail_installed/policy/stig/shared.yml
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Revert back the {{{ full_name }}} in various file. I think you do a search through all the stig files with Red Hat Enterprise Linux 9 to find where we need to revert the change.
Regarding the vuldiscussion vs vuln_discussion topic, I still see places with the vuln_discussion field. It's worth to double check that because there seems to have duplicated data there.
I see that many of the changes are only formatting options, if we can't avoid that, I suggest we do that in a different pull request... maybe having the script to detect if the text is actually different and only perform the change if there is any. Then as a follow up we can open another pull request that will just perform this type of formatting change.
Mab879
force-pushed
the
rhel10_stig_beta_update
branch
from
277f6c7
to
560991f
Compare
For how I have decided that addressing the |
|
Code Climate has analyzed commit 560991f and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 59.5% (0.0% change). View more on Code Climate. |
I don't see this as something that blocks the PR to get merged. Specially because the changes are automatically populated and we are only interested if the content is accurate, the git history is not that valuable in this context.
Okay, sounds good to me. |
|
I moved policy specific content updates to #12365. |
Description:
Rationale:
Review Hints: