Skip to content

Add rules to RHEL 10 CIS 7.1.10 #14064

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 3, 2025
Merged

Add rules to RHEL 10 CIS 7.1.10 #14064

merged 1 commit into from
Nov 3, 2025
+38 −11

Conversation

@Mab879
Copy link
Member

@Mab879 Mab879 commented Oct 30, 2025

Description:

Add rules to RHEL 10 CIS 7.1.10 to fully cover the control.

Rationale:

To better cover the control

Fixes OPENSCAP-6118

@Mab879 Mab879 added this to the 0.1.79 milestone Oct 30, 2025
@Mab879 Mab879 added Update Profile Issues or pull requests related to Profiles updates. CIS CIS Benchmark related. RHEL10 Red Hat Enterprise Linux 10 product related. labels Oct 30, 2025
@vojtapolasek vojtapolasek self-assigned this Oct 30, 2025
@vojtapolasek
Copy link
Collaborator

vojtapolasek commented Oct 30, 2025

/retest

vojtapolasek
vojtapolasek reviewed Oct 30, 2025
View reviewed changes
controls/cis_rhel10.yml
Copy link
Collaborator

@vojtapolasek vojtapolasek Oct 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the rule file_etc_security_opasswd is actually redundant here. It just merges checking for file / group / permissions into one rule.

Copy link
Collaborator

@vojtapolasek vojtapolasek Oct 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please also add appropriate CCEs to rules.

@Mab879 Mab879 force-pushed the fix_OPENSCAP-6118 branch from 6878fe9 to fda3f7e Compare October 30, 2025 16:57
vojtapolasek
vojtapolasek reviewed Oct 31, 2025
View reviewed changes
@Mab879 Mab879 marked this pull request as draft October 31, 2025 11:24
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Used by openshift-ci bot. label Oct 31, 2025
@Mab879 Mab879 force-pushed the fix_OPENSCAP-6118 branch 2 times, most recently from afc2ef1 to 042b66a Compare October 31, 2025 13:10
@Mab879 Mab879 marked this pull request as ready for review October 31, 2025 13:14
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Used by openshift-ci bot. label Oct 31, 2025
@Mab879 Mab879 force-pushed the fix_OPENSCAP-6118 branch from 042b66a to fa15b84 Compare October 31, 2025 14:11
@Mab879
Add rules to RHEL 10 CIS 7.1.10
6010530 
To better cover the control
@Mab879 Mab879 force-pushed the fix_OPENSCAP-6118 branch from fa15b84 to 6010530 Compare October 31, 2025 16:05
@openshift-ci
Copy link

openshift-ci bot commented Oct 31, 2025

@Mab879: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-aws-openshift-node-compliance 6010530 link true /test e2e-aws-openshift-node-compliance

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

vojtapolasek
vojtapolasek approved these changes Nov 3, 2025
View reviewed changes
Copy link
Collaborator

@vojtapolasek vojtapolasek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM now

@vojtapolasek vojtapolasek merged commit 3222c29 into ComplianceAsCode:master Nov 3, 2025
139 of 140 checks passed
@sync-cac-oscal-bot sync-cac-oscal-bot bot mentioned this pull request Nov 3, 2025
Merged
@Mab879 Mab879 deleted the fix_OPENSCAP-6118 branch November 3, 2025 15:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vojtapolasek vojtapolasek vojtapolasek approved these changes

@matusmarhefka matusmarhefka Awaiting requested review from matusmarhefka matusmarhefka is a code owner

@jan-cerny jan-cerny Awaiting requested review from jan-cerny jan-cerny is a code owner

Assignees

@vojtapolasek vojtapolasek

Labels

CIS CIS Benchmark related. RHEL10 Red Hat Enterprise Linux 10 product related. Update Profile Issues or pull requests related to Profiles updates.

Projects

None yet

Milestone

0.1.79

Development

Successfully merging this pull request may close these issues.

2 participants

@Mab879 @vojtapolasek