Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix OS Release Comparing: 8.10 #39

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Fix OS Release Comparing: 8.10 #39

wants to merge 8 commits into from
+28 −28

Conversation

jrmetzger
Copy link
Contributor

Tested against 8.10. Regex for 8.1 and fails test. Should add End of Line for regex to differ 8.1 with 8.10

@jrmetzger
Update for 8.10
865dd14 
Tested against 8.10. Regex for 8.1 and fails test. Should add End of Line for regex to differ 8.1 with 8.10
@jrmetzger jrmetzger self-assigned this Jan 13, 2025
@jrmetzger jrmetzger changed the base branch from main to faillock_dir_dynamic January 13, 2025 20:42
@aaronlippold
Copy link
Member

Please update the patch version in the inspec.yml - as part of this PR as well

@aaronlippold
Copy link
Member

each time we do a merge to main we have to update the version here so that inspec knows to pull down the updated code

https://github.com/mitre/redhat-enterprise-linux-8-stig-baseline/blob/main/inspec.yml#L7C1-L7C16

@aaronlippold
Copy link
Member

The logic here is:

version: 1.14.1

STIG Version 1 Release 14 of the benchmark generally

and we have made .... 1,2,3 ... n patches and fixes to the test.

Then we can make a set of releases v1.14.x -> v1.14 -> v1 So folks can 'pin' as they need to and don't 'run off main' in real workflows.

https://mitre.github.io/saf-training/courses/profile-dev-test/02.html

@jrmetzger
Copy link
Contributor Author

The logic here is:

version: 1.14.1

STIG Version 1 Release 14 of the benchmark generally

and we have made .... 1,2,3 ... n patches and fixes to the test.

Then we can make a set of releases v1.14.x -> v1.14 -> v1 So folks can 'pin' as they need to and don't 'run off main' in real workflows.

https://mitre.github.io/saf-training/courses/profile-dev-test/02.html

Will note for https://github.com/mitre/redhat-enterprise-linux-8-stig-baseline/tree/faillock_dir_dynamic branch upstream from this

@jrmetzger
Update inspec.yml
50a0b95 
bump inspec version
@jrmetzger jrmetzger changed the base branch from faillock_dir_dynamic to main January 14, 2025 13:05
@jrmetzger jrmetzger mentioned this pull request Jan 17, 2025
Open
@jrmetzger jrmetzger requested a review from em-c-rod January 17, 2025 21:11
jrmetzger
jrmetzger commented Jan 17, 2025
View reviewed changes
controls/SV-230342.rb Outdated Show resolved Hide resolved
@jrmetzger jrmetzger linked an issue Jan 17, 2025 that may be closed by this pull request
Fix OS Release Comparing: 8.10 #43
Open
@jrmetzger jrmetzger changed the title Update for 8.10 Fix OS Release Comparing: 8.10 Jan 17, 2025
aaronlippold
aaronlippold reviewed Jan 17, 2025
View reviewed changes
controls/SV-230332.rb
@@ -87,7 +87,7 @@
!input('central_account_management')
}

if os.release.to_f >= 8.2
if Gem::Version.new(os.release) >= Gem::Version.new('8.2')
Copy link
Member

@aaronlippold aaronlippold Jan 17, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We never call direct ruby in controls as it executes on the runner not the target.

The `round() method off Float would likely be the better solution.

Something like os.release.to_f.round(2) may be what you are looking for. Chaining it this way off an inspec resource ensures the code runs on the target - in either local or remote scanning.

aaronlippold
aaronlippold requested changes Jan 17, 2025
View reviewed changes
inspec.yml
@@ -4,7 +4,7 @@ maintainer: MITRE SAF Team
copyright: MITRE
license: Apache-2.0
summary: "This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: [email protected]."
version: 1.14.1
version: 1.14.2
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My guidance to you on this was incorrect. I was reminded that we only update the version on release not on general updates to main. My appologies.

@aaronlippold
Copy link
Member

I created a PR on the inspec side to fix this - inspec/inspec#7271

You may be able to just drop my udpated os resource into your profiles libraries directy to handle this as I took your approach and just moved it to the resource level vs the control level.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aaronlippold aaronlippold aaronlippold requested changes

@wdower wdower Awaiting requested review from wdower

@em-c-rod em-c-rod Awaiting requested review from em-c-rod

Assignees

@jrmetzger jrmetzger

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Fix OS Release Comparing: 8.10
2 participants
@jrmetzger @aaronlippold