Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The rule accounts_polyinstantiated_tmp appears to be fixed #129

Merged
merged 1 commit into from
Mar 26, 2024
Merged

The rule accounts_polyinstantiated_tmp appears to be fixed #129

merged 1 commit into from
Mar 26, 2024

Conversation

Mab879
Copy link
Contributor

@Mab879 Mab879 commented Mar 26, 2024

Since it is fixed we need to remove the wavier.

@comps
Copy link
Contributor

comps commented Mar 26, 2024

This is probably due to ComplianceAsCode/content@13d2d86:

-# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_sle
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_sle

@jan-cerny would it make sense to fix this for the other ansible rules as well (make them RHEL-9 relevant?) .. I've looked into accounts_polyinstantiated_var_tmp and it seems to have the same issue, and chances are that others from the waivers,

dnf-automatic_apply_updates
dnf-automatic_security_updates_only
accounts_polyinstantiated_var_tmp
force_opensc_card_drivers

do too.

@comps comps merged commit 082d714 into RHSecurityCompliance:main Mar 26, 2024
@Mab879 Mab879 deleted the accounts_polyinstantiated_tmp_fixed branch March 26, 2024 13:39
jan-cerny added a commit to jan-cerny/scap-security-guide that referenced this pull request Mar 27, 2024
@jan-cerny
Do not require existence of /var/tmp/tmp-inst
8f0e767 
We will not require the parent directory to exist, the OVAL test will
pass also if the directory doesn't exist.  It isn't mandatory to create
the parent directory because when the directory doesn't exist, it gets
created automatically by pam. However, if the parent directory exists,
it must have correct mode, otherwise the polyinstantiation will fail.

This change is very similar to the change that we have done to the
sister rule accounts_polyinstantiated_tmp in 13d2d86.

More context:
RHSecurityCompliance/contest#129 (comment)
@jan-cerny jan-cerny mentioned this pull request Mar 27, 2024
Merged
jan-cerny added a commit to jan-cerny/scap-security-guide that referenced this pull request Mar 27, 2024
@jan-cerny
Add Ansible Remediations
5210a71 
This patch extends the Ansible remediations to RHEL 9:
- force_opensc_card_drivers
- dnf-automatic_apply_updates
- dnf-automatic_security_updates_only

More context:
RHSecurityCompliance/contest#129 (comment)
@jan-cerny jan-cerny mentioned this pull request Mar 27, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Mab879 @comps