Skip to content

Enforce explicit setting in system-auth#11740

Merged
Mab879 merged 1 commit into
ComplianceAsCode:masterfrom
jan-cerny:issue11697
Mar 21, 2024
Merged

Enforce explicit setting in system-auth#11740
Mab879 merged 1 commit into
ComplianceAsCode:masterfrom
jan-cerny:issue11697

Conversation

@jan-cerny
Copy link
Copy Markdown
Collaborator

@jan-cerny jan-cerny commented Mar 21, 2024

The rule passes if the rounds option isn't set but the profile uses a value that equals to system default value. This will no longer be possible. We will always require rounds to be set explicitly. The reason is to align the rule with DISA STIG.

The commit also updates the test scenarios to fail if the rounds isn't set and system default is used.

Fixes: #11697

@jan-cerny
Enforce explicit setting in system-auth
8c77155 
The rule passes if the `rounds` option isn't set but the profile
uses a value that equals to system default value. This will no
longer be possible. We will always require `rounds` to be set
explicitly. The reason is to align the rule with DISA STIG.

The commit also updates the test scenarios to fail if the
`rounds` isn't set and system default is used.

Fixes: ComplianceAsCode#11697
@jan-cerny jan-cerny added bugfix Fixes to reported bugs. OVAL OVAL update. Related to the systems assessments. STIG STIG Benchmark related. labels Mar 21, 2024
@jan-cerny jan-cerny added this to the 0.1.73 milestone Mar 21, 2024
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Mar 21, 2024

Start a new ephemeral environment with changes proposed in this pull request:

rhel8 (from CTF) Environment (using Fedora as testing environment)
Open in Gitpod

Fedora Testing Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Mar 21, 2024

This datastream diff is auto generated by the check Compare DS/Generate Diff

Click here to see the full diff 
OVAL for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_unix_rounds_system_auth' differs.
--- oval:ssg-accounts_password_pam_unix_rounds_system_auth:def:1
+++ oval:ssg-accounts_password_pam_unix_rounds_system_auth:def:1
@@ -1,5 +1,2 @@
 criteria OR
 criterion oval:ssg-test_system_auth_pam_unix_rounds_is_set:tst:1
-criteria AND
-criterion oval:ssg-test_system_auth_pam_unix_rounds_is_default:tst:1
-criterion oval:ssg-test_system_auth_default_pam_unix_rounds_var:tst:1

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Mar 21, 2024

🤖 A k8s content image for this PR is available at:
ghcr.io/complianceascode/k8scontent:11740
This image was built from commit: 8c77155

Click here to see how to deploy it

If you alread have Compliance Operator deployed:
utils/build_ds_container.py -i ghcr.io/complianceascode/k8scontent:11740

Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and:
CONTENT_IMAGE=ghcr.io/complianceascode/k8scontent:11740 make deploy-local

@qlty-cloud-legacy
Copy link
Copy Markdown

qlty-cloud-legacy Bot commented Mar 21, 2024

Code Climate has analyzed commit 8c77155 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 59.3% (0.0% change).

View more on Code Climate.

@Mab879 Mab879 self-assigned this Mar 21, 2024
Mab879
Mab879 approved these changes Mar 21, 2024
View reviewed changes
Copy link
Copy Markdown
Member

@Mab879 Mab879 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tests pass locally in a VM.

@Mab879 Mab879 merged commit aa3ac3d into ComplianceAsCode:master Mar 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Mab879 Mab879 Mab879 approved these changes

Assignees

@Mab879 Mab879

Labels

bugfix Fixes to reported bugs. OVAL OVAL update. Related to the systems assessments. STIG STIG Benchmark related.

Projects

None yet

Milestone

0.1.73

Development

Successfully merging this pull request may close these issues.

accounts_password_pam_unix_rounds_system_auth is misaligned with DISA

2 participants

@jan-cerny @Mab879