Rule 5.2.20 expects values different than 0, but previous form of the… #171
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com>
Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
- Yum repos, - bootloader, - crypto policies, - SELinux - NTP Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
- Sections 2.2 && 2.3 - Section 3 - Section 4.1 Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
Signed-off-by: root@DERVISHx <nuno.carvalho@siemens.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
…om:infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis into siemens/feat/document_main_variables
…t/document_main_variables
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
[IP] I see no benefit to duplicate vars in defaults/main.yml in other files like specific vars for Alma/Rocky, especially since we're using the same values for those vars. Also, replacing rsyslog with journald is not fine for this current doc-extension proposal. This reverts commit a57333d.
…y shouldn't be altered Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
…sks. Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
…sks. Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
…v/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis into siemens/rhel9/devel
…-to-date "devel" branch Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
…-to-date "devel" branch Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
…evel) Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
…v/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis into siemens/rhel9/devel
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
…v/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis into siemens/rhel9/devel Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
Ensuring "session optional pam_umask.so" is present in /etc/pam.d/{system-auth | password-auth}
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
…rom the `/etc/default/grub` approach to `grubby`(actually used by CIS) Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
…emens/rhel9/devel' Aplying patch to be used for extending-documentation See merge request infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis!17
…rhel9/devel' Solving conflicts after previous commit: See merge request infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis!19
…/devel' Grubby: secure-configuration of 'audit' and 'audit_backlog_limit' See merge request infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis!20
… task was setting CountMax to 0 Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
…rown during Rebase Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
… code.siemens.com:infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis into siemens/feat/5_2_20_Wrong_Value_clientalivecountmax
|
This is a good catch, uk-bolly |
Signed-off-by: Pruteanu <ionut.pruteanu@siemens.com>
|
I created a new PR, as current one fails one will try to use rebase(against devel). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
CountMax: 0 -> 3
Overall Review of Changes:
Use correct value
Issue Fixes:
#170
Enhancements:
Use correct value
Extra question(not about
ClientAliveCountMax), but aboutClientAliveIntervalEdit the /etc/ssh/sshd_config file to set the parameters according to site policy.
Example:
Current
develbranch uses 900(seconds), is there a good reason why we're not following a value close to ~15(CIS-recommended value)Anyhow, for both 900 and 15 seconds, CIS returns a PASS.
How has this been tested?:
EC2