tcp_wrapper/tcpd is depreciated on Redhat8 and hence cls-dil failed for cis-dil-benchmark-3.4.1 #88

Open
Bharathkumarraju opened this issue Aug 23, 2020 · 3 comments

Comments

@Bharathkumarraju

Hi Team,

I am running this inspec profile on my RHEL 8 and it failed like below, since tcp_wrapper/tcpd is deprecated on Red Hat 8:

× cis-dil-benchmark-3.4.1: Ensure TCP Wrappers is installed (2 failed)

Any workaround for this?

thanks,
https://bharathkumaraju.com

@Bharathkumarraju
Author

Is there any way I can skip the specific check cis-dil-benchmark-3.4.1 in my inspec command?

@chris-rock
Member

Thank you @Bharathkumarraju for your report. We should add an only_if condition that checks for tcp wrapper, see https://docs.chef.io/inspec/dsl_inspec/#use-only_if-to-exclude-a-specific-control. Any PR is welcome to improve the situation.

@Bharathkumarraju
Author

@chris-rock meanwhile I did a workaround to skip the failed checks 👍 thanks!!!

We run checks with packer and my regex_to_skip variable is this.

```hcl
# Value of the regex_to_skip variable: negative lookaheads, so only control IDs
# that do not start with one of the listed patterns are selected.
regex_to_skip = "/^(((?!cis-dil-benchmark-1.1.[6789])(?!cis-dil-benchmark-1.1.1[01234])(?!cis-dil-benchmark-1.1.[2345])(?!cis-dil-benchmark-1.4.2)(?!cis-dil-benchmark-6.1.[3579])(?!cis-dil-benchmark-1.[16].1.[38])(?!cis-dil-benchmark-3.6.[2345])(?!cis-dil-benchmark-5.4.1.2)(?!cis-dil-benchmark-4.1.12)(?!cis-dil-benchmark-3.4.1)(?!cis-dil-benchmark-1.1.17)(?!cis-dil-benchmark-4.2.4).))*$/"

# Packer InSpec provisioner; the pattern is handed to inspec through --controls.
provisioner "inspec" {
  inspec_env_vars = ["CHEF_LICENSE=accept"]
  profile         = "https://github.com/dev-sec/cis-dil-benchmark"
  user            = "${var.aws_ssh_user}"
  extra_arguments = [
    "--no-distinct-exit",
    "--sudo",
    "--controls",
    "${var.regex_to_skip}"
  ]
}
```
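Added example, not part of the comment above or of the cis-dil-benchmark project: the lookaheads in the posted pattern are prefix matches with unescaped dots, so an entry such as `1.1.[2345]` also deselects any longer ID that starts the same way. The Ruby below rebuilds the posted pattern and compares it with an exact-ID variant; the sample control IDs, the skip list and the helper names are constructed assumptions.

```ruby
# Added example: compare the posted skip pattern with an exact-ID variant.
PREFIX = 'cis-dil-benchmark-'

# Fragments copied from the regex_to_skip value posted above.
POSTED_FRAGMENTS = %w(
  1.1.[6789] 1.1.1[01234] 1.1.[2345] 1.4.2 6.1.[3579] 1.[16].1.[38]
  3.6.[2345] 5.4.1.2 4.1.12 3.4.1 1.1.17 4.2.4
).freeze

# Rebuilds the posted pattern: one prefix-matching negative lookahead per fragment.
POSTED = Regexp.new(
  '^((' + POSTED_FRAGMENTS.map { |f| "(?!#{PREFIX}#{f})" }.join + '.))*$'
)

# Exact-ID variant: dots are escaped and each ID must end where the string ends,
# so an entry for 1.1.2 no longer also excludes 1.1.20.
def strict_skip_regex(ids)
  alternatives = ids.map { |id| Regexp.escape(id) }.join('|')
  Regexp.new("\\A(?!(?:#{alternatives})\\z).*\\z")
end

# IDs the pattern selects, i.e. the controls that would still run.
def selected(regex, ids)
  ids.select { |id| regex.match?(id) }
end

# Constructed sample IDs and skip list (assumptions, not read from the profile).
SAMPLE_IDS = %w(1.1.2 1.1.20 1.1.21 3.4.1 3.4.2 5.4.1.2 5.4.1.3)
             .map { |n| PREFIX + n }.freeze
SKIP_IDS = %w(1.1.2 3.4.1 5.4.1.2).map { |n| PREFIX + n }.freeze

# Controls dropped by the posted pattern but kept by the exact-ID variant.
def dropped_only_by_posted(ids, skip_ids)
  selected(strict_skip_regex(skip_ids), ids) - selected(POSTED, ids)
end

if __FILE__ == $PROGRAM_NAME
  puts "posted pattern runs:   #{selected(POSTED, SAMPLE_IDS).join(', ')}"
  puts "exact-ID pattern runs: #{selected(strict_skip_regex(SKIP_IDS), SAMPLE_IDS).join(', ')}"
  puts "dropped only by posted pattern: #{dropped_only_by_posted(SAMPLE_IDS, SKIP_IDS).join(', ')}"
end
```

Running the same comparison against the real list of control IDs in the profile shows whether a skip pattern silently removes more compliance checks than intended.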
