auth-select options variable not used #156
Conversation
Signed-off-by: Bernd Grobauer <[email protected]>
Signed-off-by: root@DERVISHx <[email protected]>
Signed-off-by: Ionut Pruteanu <[email protected]>
…l which governs if extra params will be configured Signed-off-by: Ionut Pruteanu <[email protected]>
Correction to "when": 1_3_3 Signed-off-by: Joachim la Poutré <[email protected]>
Corrected tag rule_1.8.10 Signed-off-by: Joachim la Poutré <[email protected]>
Corrected tag: rule_5.6.1.1 Signed-off-by: Joachim la Poutré <[email protected]>
Corrected tag: rule_5.6.1.5 Signed-off-by: Joachim la Poutré <[email protected]>
Corrected tags: rule_6.1.8 & rule_6.1.12 Signed-off-by: Joachim la Poutré <[email protected]>
Corrected tag: rule_6.2.3 Signed-off-by: Joachim la Poutré <[email protected]>
Signed-off-by: Joshua Hemmings <[email protected]>
…Therefore var-attr is not needed anymore. Signed-off-by: Ionut Pruteanu <[email protected]>
Signed-off-by: Ionut Pruteanu <[email protected]>
…erse_path_filtering_3_3_7 Adding missing lines to usr: sysctl.d/50-default.conf
updates: - [github.com/ansible-community/ansible-lint: v6.22.1 → v6.22.2](ansible/ansible-lint@v6.22.1...v6.22.2)
…ure_default_umask_027_5_6_5 Adding new entry in /etc/pam.d/system-auth
…itVarsRefactoring Siemens/feat/audit vars refactoring
Corrections to tags and a variable
Remove trailing comma to align with other roles
|
We are seeing errors in a merge conflict for this PR. If you can resync to resolve this happy to look at this further. Many thanks uk-bolly |
…mit-ci-update-config [pre-commit.ci] pre-commit autoupdate
…Therefore var-attr is not needed anymore. Signed-off-by: Ionut Pruteanu <[email protected]>
Use the proper sub-task name when authselect custom profile is selected. Signed-off-by: Ionut Pruteanu <[email protected]>
…m:infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis into siemens/feat/bUSE_authSelectOptions
|
@uk-bolly:
However, current impl here is different. Even more, there's NO real check from their part on other authselect options(other than
The rule name says it all, rule deals with 5.4.2 Ensure authselect includes
|
There was a problem hiding this comment.
Trying to understand why this is added?
This is already as as per the guidelines to a sysctl.d file in rule 3.3.7
There was a problem hiding this comment.
Can see the confusion on this one,
the first method pam has been started but the control ends with writing it the second option.
Shall we just remove the pam method and have the second one via shell methods?
There was a problem hiding this comment.
The only purpose of this PR was to highlight that:
- there are some extra
authselectoptions, not explicitly requested by CIS, present in5.4.2 - but encountered within the CIS report, as an impl-example for
5.4.1.
Considering the extra-options will not hurt, please feel free to close this PR, in case is does not help.
|
I can see we still have a large number of PRs open from you, but they all seem to have a huge number of commits assigned for a change to one or two files and is getting very confusing to read when trying to review what is actually changing. NOt sure why we see this number as it doesn't seem right. Kindest regards uk-bolly |
|
Hi @uk-bolly , I think I was incorrectly performing some rebase-commands. Thanks for your message and sorry for the confusion. For current PR, despite current |
Overall Review of Changes:
Other OS flavors have required extra-options for
authselectprofiles.Currently, it seems this is not needed.
Issue Fixes:
#155
Enhancements:
Please list any enhancements/features that are not open issue tickets
How has this been tested?:
N/A