Auditd Management #191
Closed
Auditd Management #191
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fedora belongs in our tests to the RH family, lets make it explicitely here, as ohai detects platform_family on fedora as 'fedora' and not 'rhel'. See dev-sec/linux-baseline#82 for reference Signed-off-by: Artem Sidorenko <[email protected]>
Fedora 27 fails during the converge phase with OOMs with 512mb
Fix fedora shadow permissions
|
@artem-sidorenko - these tests are failing due to a missing DIGITALOCEAN_ACCESS_TOKEN environment variable in rake. |
* Remove dependency on compat_resource (deprecated). Fixes dev-sec#186, but may break older clients * Bumped Chef version to 12.14.60
and resolve the cleanup issue of old configs on our side Signed-off-by: Artem Sidorenko <[email protected]>
Unpin sysctl dependency
Signed-off-by: Christoph Hartmann <[email protected]>
add basic support for amazon linux
The new major release 1.0.0 does not have recipes anymore, we will have to reflect that. Pinning the major version for now. Signed-off-by: Artem Sidorenko <[email protected]>
Lazy pin the sysctl major version
…mplate_source Feature/allow setting template source
Try to detect the good defaults via ohai. Allow overriding of recipes Signed-off-by: Artem Sidorenko <[email protected]>
and DO tests on the full VMs if possible Signed-off-by: Artem Sidorenko <[email protected]>
as rsyslog isn't installed within containers, syslog group doesn't exist and the group of /var/log is root
They will be addressed in a dedicated PRs, esp to the linux-baseline
Container support and dokken tests in travis CI
Signed-off-by: Tim Smith <[email protected]>
There's been a ton of bugfixes and improvements since 11.1. Signed-off-by: Tim Smith <[email protected]>
Test on Ruby 2.4.4
Test with Foodcritic 13
* use sysctl cookbook 1.0 most of the code was already written by symondsandson https://github.com/symondsandson/chef-os-hardening.git remove the sysctl attributes file - values are now set in the recipe remove the lazy evaluation from symondsandson adapt test cases to test usage of sysctl_param resource * use again node attributes for sysctl param values This should be done to ensure downward compatibility and keep flexibility. See discussion on: dev-sec#210
dev-sec#209) * added mail_dir attribute and moved component attributes to attributes folder from recipe file * fixed spec test * fixed lint issues
|
@bablakely Thank you for this great improvement. We fixed a couple of test-related issues lately. Would you mind to rebase your PR on master? |
|
superseded by #260 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #182
However, @artem-sidorenko when trying to test this on an Arch VM, I ran into a series of unrelated errors that prevented me from being able to actually test the changes in this PR on Arch. Is the intent of this project to maintain Arch support (I have seen it elsewhere) and, if so, does this PR need to be held until these apparent other issues are resolved? I did test it in Ubuntu 16.04.3 LTS, CentOS 7.4.1708, and Fedora 27.