Feb24 updates #179

Merged
merged 10 commits into from
Feb 20, 2024


uk-bolly
Member

Overall Review of Changes:
Several updates and improvements

Issue Fixes:
#115
#125
#134
#146
#175

Enhancements:
precommit versions
removed added rp_filter from post

How has this been tested?:
Manually and pipeline

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
@uk-bolly uk-bolly self-assigned this Feb 20, 2024
Contributor

@georgenalen georgenalen left a comment

Looks good!

@uk-bolly uk-bolly merged commit 40bc7aa into devel Feb 20, 2024
4 checks passed
@uk-bolly uk-bolly deleted the Feb24_updates branch February 20, 2024 15:43
ipruteanu-sie pushed a commit to siemens/RHEL9-CIS that referenced this pull request Feb 21, 2024
* change logic thanks to @rjacobs1990 see ansible-lockdown#175

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* thanks to @ipruteani-sie ansible-lockdown#134

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* Thanks to @stwongst ansible-lockdown#125

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* thanks to @sgomez86 ansible-lockdown#146

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* Added updates from ansible-lockdown#115

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* removed rp_filter in post added in error

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updated yamllint precommit

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updated fqcn for json_query

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* updated

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

* fix typo for virt type query

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>

---------

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
@ipruteanu-sie
Contributor

Short question about a recent CIS failure on us, for Control 3.3.7/rp-filter:

In this merge, the POST task written by my colleague @bgro (PR #105) is now removed, ending up with a failure for this control (at least on our side).
There's a discussion about this also on the RHEL Portal, highlighting the fact that different RPMs may imply different values in the config files. However, there's a similar behavior on the X11Forwarding SSH parameter, for which current devel explicitly treats the /etc/ssh/sshd_config.d/50-redhat.conf file.

My actual question:

Was this POST task doing any harm, or what was the reason it got removed?

PS: Current results, on my side:

```
$ cat /usr/lib/sysctl.d/50-default.conf | grep rp_filter
net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.*.rp_filter = 2
-net.ipv4.conf.all.rp_filter

$ cat /lib/sysctl.d/50-default.conf | grep rp_filter
net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.*.rp_filter = 2
-net.ipv4.conf.all.rp_filter
```

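To read the three `50-default.conf` lines quoted in the comment above, the following added example (not code from this PR or from the role) resolves which value a given key ends up with under the sysctl.d(5) rules: an explicit key beats a glob, and a bare `-key` line excludes that key from glob matches. The drop-in content in `hardening_conf`, the value 1 in it, and the `eth0` interface name are constructed assumptions for illustration.

```shell
#!/bin/sh
# Print the value systemd-sysctl would write for key $1, given sysctl.d-style
# lines on stdin (files concatenated in the order they are read), or "unset".
resolve_sysctl() {
    want=$1 explicit='' globbed='' excluded=0
    while IFS= read -r line; do
        # Trim the line and the whitespace around the first "=".
        line=$(printf '%s\n' "$line" |
            sed 's/^[[:space:]]*//; s/[[:space:]]*=[[:space:]]*/=/; s/[[:space:]]*$//')
        case $line in
            ''|'#'*|';'*) continue ;;              # blank line or comment
            *=*) key=${line%%=*} val=${line#*=} ;;
            -*)  # "-key" with no value: keep globs from touching this key
                 if [ "${line#-}" = "$want" ]; then excluded=1; fi
                 continue ;;
            *)   continue ;;
        esac
        key=${key#-}                               # "-key = v": ignore-failure prefix
        case $key in
            *\**|*\?*|*\[*) # glob key; shell matching stands in for systemd's glob
                     case $want in $key) globbed=$val ;; esac ;;
            *)       if [ "$key" = "$want" ]; then explicit=$val; fi ;;
        esac
    done
    # An explicit assignment wins over any glob; an excluded key gets no glob value.
    if [ -n "$explicit" ]; then echo "$explicit"
    elif [ "$excluded" -eq 0 ] && [ -n "$globbed" ]; then echo "$globbed"
    else echo unset; fi
}

# The rp_filter lines quoted in the comment (50-default.conf), as sample input.
vendor_conf() { cat <<'EOF'
net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.*.rp_filter = 2
-net.ipv4.conf.all.rp_filter
EOF
}
# Constructed later-sorting drop-in (hypothetical content, value assumed).
hardening_conf() { cat <<'EOF'
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
EOF
}

for k in all default eth0; do
    printf '%-8s vendor=%s with-drop-in=%s\n' "$k" \
        "$(vendor_conf | resolve_sysctl "net.ipv4.conf.$k.rp_filter")" \
        "$({ vendor_conf; hardening_conf; } | resolve_sysctl "net.ipv4.conf.$k.rp_filter")"
done
```

With only the vendor lines, nothing assigns `net.ipv4.conf.all.rp_filter`, so that key keeps whatever the kernel or another file gives it, while existing interfaces still receive 2 from the glob even after the drop-in is added.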

ipruteanu-sie pushed a commit to siemens/RHEL9-CIS that referenced this pull request Mar 11, 2024
@uk-bolly uk-bolly mentioned this pull request Apr 30, 2024