Rule 5.2.20 expects values different than 0, but previous form of the… #171
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: root@DERVISHx <[email protected]>
Signed-off-by: root@DERVISHx <[email protected]>
Signed-off-by: Ionut Pruteanu <[email protected]>
- Yum repos, - bootloader, - crypto policies, - SELinux - NTP Signed-off-by: Ionut Pruteanu <[email protected]>
- Sections 2.2 && 2.3 - Section 3 - Section 4.1 Signed-off-by: Ionut Pruteanu <[email protected]>
Signed-off-by: Ionut Pruteanu <[email protected]>
Signed-off-by: root@DERVISHx <[email protected]>
Signed-off-by: Ionut Pruteanu <[email protected]>
…om:infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis into siemens/feat/document_main_variables
…t/document_main_variables
Signed-off-by: Ionut Pruteanu <[email protected]>
Signed-off-by: Ionut Pruteanu <[email protected]>
[IP] I see no benefit to duplicate vars in defaults/main.yml in other files like specific vars for Alma/Rocky, especially since we're using the same values for those vars. Also, replacing rsyslog with journald is not fine for this current doc-extension proposal. This reverts commit a57333d.
…y shouldn't be altered Signed-off-by: Ionut Pruteanu <[email protected]>
Signed-off-by: Ionut Pruteanu <[email protected]>
Signed-off-by: Ionut Pruteanu <[email protected]>
…sks. Signed-off-by: Ionut Pruteanu <[email protected]>
Signed-off-by: Ionut Pruteanu <[email protected]>
Signed-off-by: Ionut Pruteanu <[email protected]>
Signed-off-by: Ionut Pruteanu <[email protected]>
Signed-off-by: Ionut Pruteanu <[email protected]>
Signed-off-by: Ionut Pruteanu <[email protected]>
Signed-off-by: Ionut Pruteanu <[email protected]>
…sks. Signed-off-by: Ionut Pruteanu <[email protected]>
Signed-off-by: Ionut Pruteanu <[email protected]>
Signed-off-by: Ionut Pruteanu <[email protected]>
Signed-off-by: Ionut Pruteanu <[email protected]>
Signed-off-by: Ionut Pruteanu <[email protected]>
…v/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis into siemens/rhel9/devel
…-to-date "devel" branch Signed-off-by: Ionut Pruteanu <[email protected]>
…-to-date "devel" branch Signed-off-by: Ionut Pruteanu <[email protected]>
Signed-off-by: Ionut Pruteanu <[email protected]>
…evel) Signed-off-by: Ionut Pruteanu <[email protected]>
Signed-off-by: Ionut Pruteanu <[email protected]>
Signed-off-by: Ionut Pruteanu <[email protected]>
…v/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis into siemens/rhel9/devel
Signed-off-by: Ionut Pruteanu <[email protected]>
…v/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis into siemens/rhel9/devel Signed-off-by: Ionut Pruteanu <[email protected]>
Signed-off-by: Ionut Pruteanu <[email protected]>
Signed-off-by: Ionut Pruteanu <[email protected]>
Signed-off-by: Ionut Pruteanu <[email protected]>
Signed-off-by: Ionut Pruteanu <[email protected]>
Ensuring "session optional pam_umask.so" is present in /etc/pam.d/{system-auth | password-auth}
Signed-off-by: Ionut Pruteanu <[email protected]>
…rom the `/etc/default/grub` approach to `grubby`(actually used by CIS) Signed-off-by: Ionut Pruteanu <[email protected]>
Signed-off-by: Ionut Pruteanu <[email protected]>
Revert "Merge branch 'siemens/feat/document_main_variables' into siemens/rhel9/devel" This reverts commit cc3cc03, reversing changes made to d87451a. Signed-off-by: Ionut Pruteanu <[email protected]>
…emens/rhel9/devel' Aplying patch to be used for extending-documentation See merge request infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis!17
…rhel9/devel' Solving conflicts after previous commit: See merge request infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis!19
…/devel' Grubby: secure-configuration of 'audit' and 'audit_backlog_limit' See merge request infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis!20
… task was setting CountMax to 0 Signed-off-by: Ionut Pruteanu <[email protected]>
…rown during Rebase Signed-off-by: Ionut Pruteanu <[email protected]>
… code.siemens.com:infosec-pss-gov/security-crafter-baseline-automations/ansible-lockdown/rhel9-cis into siemens/feat/5_2_20_Wrong_Value_clientalivecountmax
|
This is a good catch, uk-bolly |
Signed-off-by: Pruteanu <[email protected]>
|
I created a new PR, as current one fails one will try to use rebase(against devel). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
CountMax: 0 -> 3
Overall Review of Changes:
Use correct value
Issue Fixes:
#170
Enhancements:
Use correct value
Extra question(not about
ClientAliveCountMax), but aboutClientAliveIntervalEdit the /etc/ssh/sshd_config file to set the parameters according to site policy.
Example:
Current
develbranch uses 900(seconds), is there a good reason why we're not following a value close to ~15(CIS-recommended value)Anyhow, for both 900 and 15 seconds, CIS returns a PASS.
How has this been tested?:
EC2