Update Default For mount_tmp_options #10

Merged
merged 5 commits into from
Mar 19, 2024

em-c-rod
Contributor

@em-c-rod em-c-rod commented Mar 18, 2024

  • Change default for mount_tmp_options to check that nodev is in the list according to the default STIG requirement
    relevant to
    SV-230511
    SV-230512
    SV-230513

  • Updated the name in the kitchen.inputs.yml file for the mount_tmp_options input because it was named something old.

  • Also removed some unused inputs from the inspec.yml file:
    maxlogins_limit
    sssd_conf_path
    skip_password_privilege_escalation
    promiscuous_mode_required

  • Also removed the inputs defined in container.*.inputs.yml files that are not defined in the inspec.yml file.

…st according to the default STIG requirement

Signed-off-by: Emily Rodriguez <[email protected]>
@em-c-rod em-c-rod changed the title Update Default For SV-230511 Update Default For mount_tmp_options Mar 18, 2024
@wdower
Contributor

wdower commented Mar 19, 2024

The input is asking whether a particular /tmp mount option should be enabled or not. Setting it to "false" by default means that by default we are saying "this option should not be set on the mounted directory," which is what the check text asks for in the STIG.

Ergo, I do not believe this change should be made.

Signed-off-by: Emily Rodriguez <[email protected]>
@em-c-rod em-c-rod requested a review from ejaronne March 19, 2024 17:17
@em-c-rod
Contributor Author

Reviewed with @wdower. Going to merge and run some scans.

@em-c-rod em-c-rod merged commit 6750eaa into main Mar 19, 2024
6 of 12 checks passed
@em-c-rod em-c-rod deleted the SV-230511 branch March 19, 2024 20:50