Update profile to match CIS v1.1.0 #54

Open
wants to merge 9 commits into master

Conversation

csabapatyi
Contributor

I modified the controls where I could, so now the profile matches CIS v1.1.0.

@chris-rock chris-rock requested a review from rarenerd October 4, 2018 09:45
Member

@chris-rock chris-rock left a comment


Great work @itoperatorguy

@@ -0,0 +1,3 @@
---
lockfile_version: 1
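Review bot: a generated lock file (the `---` / `lockfile_version: 1` header in this hunk is what InSpec writes to inspec.lock) should not be committed with the profile; drop the file from the PR and add inspec.lock to .gitignore so it is not re-added on the next `inspec vendor` run.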
Member


We should not include lock files

controls/1_1_filesystem_configuration.rb
@@ -237,6 +237,8 @@
end
end

# There is a mistake in the official CIS DIL documentaion 1.1.10-1.1.14 are
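Review bot: the trailing comment in this hunk records a numbering error in the CIS document for 1.1.10-1.1.14 but, as shown, ends mid-sentence at "are"; either finish it with what the mismatch actually is or, better, drop it and describe the discrepancy in the README, so the profile does not carry controls whose only purpose is to mirror a known mistake in the benchmark text.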
Member


Should we remove them? I think there is no value in adding CIS mistakes to this profile. We could point this out in the README.

Collaborator


Agreed, these can be left out. It's acknowledged as a bug by the CIS maintainers, but it has been unresolved for about 8 months now.

@fatbasstard

@itoperatorguy Are you continuing on this PR? We're looking forward to the updated CIS checks.

fatbasstard added a commit to fatbasstard/cis-dil-benchmark that referenced this pull request Oct 24, 2018
Processed the feedback given on original PR dev-sec#54
fatbasstard added a commit to fatbasstard/cis-dil-benchmark that referenced this pull request Oct 24, 2018
Processed the feedback given on original PR dev-sec#54

Signed-off-by: Frank van Boven <[email protected]>
fatbasstard added a commit to fatbasstard/cis-dil-benchmark that referenced this pull request Oct 24, 2018
Processed the feedback given on original PR dev-sec#54
Solved rebase issues

Signed-off-by: Frank van Boven <[email protected]>
tag level: 1

command("cat /etc/shadow | cut -d: -f1").stdout.split.each do |username|
describe command('date -d "`export LANG="en_US.UTF-8" ; chage --list root | grep "Last password" | cut -d: -f2`" +%s') do

Instead of chage --list root it should use username. Also, why do you export US settings here?
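The check the snippet above is trying to express ("every user's last password change date lies in the past") can be done without chage or a locale-dependent date parse at all, because field 3 of /etc/shadow already holds the last-change date as days since 1970-01-01. The following plain-Ruby block is an added example, not code from the PR or from the dev-sec profile; the shadow content is constructed, and the function names (shadow_last_change, users_with_future_change) are ours. Inside an InSpec control the same logic would be fed the content of file('/etc/shadow') instead of the sample.

```ruby
require 'date'

# Constructed sample of /etc/shadow content (not taken from any real host).
# Field 3 is the last password change in days since 1970-01-01; an empty
# field means the date is unknown, and 0 forces a change at next login.
SAMPLE_SHADOW = <<~SHADOW
  root:$6$saltsalt$hashhashhash:17800:0:99999:7:::
  alice:$6$saltsalt$hashhashhash:17700:0:90:7:::
  bob:$6$saltsalt$hashhashhash:30000:0:99999:7:::
  daemon:*:17800:0:99999:7:::
  sync:!!:::::::
  carol:$6$saltsalt$hashhashhash:0:0:99999:7:::
SHADOW

EPOCH = Date.new(1970, 1, 1)

# Parse shadow(5) lines into { user => last_change_date_or_nil }.
# Reading the field directly sidesteps the localized output of `chage --list`
# (the reason the original control exported LANG) and the `date -d` round trip.
def shadow_last_change(shadow_text)
  shadow_text.each_line.with_object({}) do |line, acc|
    next if line.strip.empty? || line.start_with?('#')
    fields = line.chomp.split(':', -1)     # -1 keeps trailing empty fields
    next if fields.size < 3
    user, _hash, lastchg = fields
    acc[user] = lastchg.empty? ? nil : EPOCH + Integer(lastchg)
  end
end

# Users whose recorded last change is later than `today`. A future date makes
# every expiry calculation (max days, warning window) meaningless, which is why
# the benchmark wants it in the past. Accounts with an empty field are skipped
# (there is nothing to compare); 0 resolves to 1970-01-01 and so always passes.
def users_with_future_change(shadow_text, today: Date.today)
  shadow_last_change(shadow_text).select { |_u, d| d && d > today }.keys
end

if __FILE__ == $PROGRAM_NAME
  bad = users_with_future_change(SAMPLE_SHADOW, today: Date.new(2018, 10, 4))
  puts(bad.empty? ? 'all last-change dates are in the past' : "future dates: #{bad.join(', ')}")
end
```

The "today" parameter is explicit so the check is reproducible in a test; on a live host leave it at the default. Locked and system accounts are deliberately not filtered out, since the benchmark's wording covers all users and a future date on a service account is just as much a data error.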

tag cis: 'distribution-independent-linux:5.4.5'
tag level: 2

command("sudo find /etc/ -maxdepth 1 -name *bashrc*").stdout.split.each do |bashrc_file|

sudo should not be used in command invocation


  %w(bash.bashrc profile bashrc).each do |f|
    next unless file("/etc/#{f}").file?

    describe file("/etc/#{f}") do
      # Group the whole alternation so the ^TMOUT= anchor applies to every
      # branch (1-9, 10-99 or 100-699 seconds; 0 would disable the timeout),
      # then allow an optional trailing comment before end of line.
      its(:content) { should match(/^TMOUT=([1-6]\d{2}|[1-9]\d|[1-9])(\s*#.*)*$/) }
    end
  end
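Matching one regex per file, as in the suggestion above, misses two things a practitioner cares about: a file may set TMOUT several times (the last assignment wins when the shell sources it), and forms such as `readonly TMOUT=600 ; export TMOUT` or a quoted value are valid and common. The block below is an added example in plain Ruby, not code from the PR or the dev-sec profile; the startup-file contents are constructed, the threshold is a parameter because the permitted maximum depends on the benchmark version, and the function names are ours. In an InSpec control the same functions would be fed file("/etc/#{f}").content.

```ruby
# Constructed sample shell startup files (not copied from any host). The keys
# are only labels for the report; the values are the file contents.
SAMPLE_FILES = {
  '/etc/bash.bashrc'        => "# system-wide bashrc\nexport TMOUT=600\n",
  '/etc/profile'            => "umask 027\n# TMOUT=100 (old, commented out)\nreadonly TMOUT=1800 ; export TMOUT\n",
  '/etc/bashrc'             => "TMOUT=\"300\"  # idle timeout\n",
  '/etc/profile.d/tmout.sh' => "TMOUT=0\n",
}.freeze

# One assignment line: optional leading whitespace, optional readonly/export,
# optional quotes around the value, then either end of line, a ';...' tail
# (e.g. '; export TMOUT') or a '#' comment. Commented-out lines do not match.
TMOUT_LINE = /\A\s*(?:readonly\s+|export\s+)?TMOUT=["']?(\d+)["']?\s*(?:;.*|#.*)?\z/

# Last effective TMOUT value assigned in the content, or nil if it is never set.
def effective_tmout(content)
  value = nil
  content.each_line do |line|
    m = TMOUT_LINE.match(line.chomp)
    value = Integer(m[1]) if m
  end
  value
end

# Files that set TMOUT to a non-compliant value, mapped to that value.
# TMOUT=0 disables the timeout entirely and is therefore a finding; files that
# never touch TMOUT are not findings by themselves.
def tmout_findings(files, max_seconds:)
  files.each_with_object({}) do |(name, content), acc|
    v = effective_tmout(content)
    next if v.nil?
    acc[name] = v unless v > 0 && v <= max_seconds
  end
end

# The default timeout is acceptable when at least one startup file sets TMOUT
# and no file sets it to a value outside (0, max_seconds].
def default_timeout_ok?(files, max_seconds:)
  set_anywhere = files.values.any? { |c| !effective_tmout(c).nil? }
  set_anywhere && tmout_findings(files, max_seconds: max_seconds).empty?
end

if __FILE__ == $PROGRAM_NAME
  tmout_findings(SAMPLE_FILES, max_seconds: 600).each { |f, v| puts "#{f}: TMOUT=#{v}" }
  puts(default_timeout_ok?(SAMPLE_FILES, max_seconds: 600) ? 'compliant' : 'not compliant')
end
```

Running a single threshold across all three files keeps the control honest when a later-sourced file (here /etc/profile.d/tmout.sh) overrides a good value with TMOUT=0, which a per-file regex that only looks at the first matching line would report as a pass.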

6 participants