Add ansible remediation configure_bind_crypto_policy #12325
Conversation
For configure_bind_crypto_policy rule Signed-off-by: Armando Acosta <armando.acosta@oracle.com>
|
Hi @mrkanon. Thanks for your PR. I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
Start a new ephemeral environment with changes proposed in this pull request: rhel8 (from CTF) Environment (using Fedora as testing environment) Fedora Testing Environment Oracle Linux 8 Environment |
|
This datastream diff is auto generated by the check Click here to see the full diffNew data stream adds ansible remediation for rule 'xccdf_org.ssgproject.content_rule_configure_bind_crypto_policy'. |
|
🤖 A k8s content image for this PR is available at: Click here to see how to deploy itIf you alread have Compliance Operator deployed: Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and: |
|
Code Climate has analyzed commit e88bc40 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 59.4% (0.0% change). View more on Code Climate. |
jan-cerny
left a comment
There was a problem hiding this comment.
jcerny@fedora:~/work/git/scap-security-guide (pr/12325)$ python3 tests/automatus.py rule --libvirt qemu:///system ssgts_rhel9 --remediate-using ansible configure_bind_crypto_policy
Setting console output to log level INFO
INFO - The base image option has not been specified, choosing libvirt-based test environment.
INFO - Logging into /home/jcerny/work/git/scap-security-guide/logs/rule-custom-2024-08-26-1406/test_suite.log
INFO - xccdf_org.ssgproject.content_rule_configure_bind_crypto_policy
INFO - Script absent.fail.sh using profile (all) OK
WARNING - Script bind_not_installed.pass.sh using profile (all) notapplicable
WARNING - Rule xccdf_org.ssgproject.content_rule_configure_bind_crypto_policy evaluation resulted in notapplicable
INFO - Script no_config_file.fail.sh using profile (all) OK
INFO - Script ok.pass.sh using profile (all) OK
INFO - Script overrides.fail.sh using profile (all) OK
Description:
Added
Ansible remediation
Rationale:
In the task filling gaps in OL9 automation, the rule configure_bind_crypto_policy has a remediation deficit with ansible. The logic of the remediation was taken of bash remediation