Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Auditd Management #191

Closed
wants to merge 34 commits into from
Closed

Auditd Management #191

wants to merge 34 commits into from

Conversation

bablakely
Copy link
Contributor

@bablakely bablakely commented Feb 7, 2018

Fixes #182

However, @artem-sidorenko when trying to test this on an Arch VM, I ran into a series of unrelated errors that prevented me from being able to actually test the changes in this PR on Arch. Is the intent of this project to maintain Arch support (I have seen it elsewhere) and, if so, does this PR need to be held until these apparent other issues are resolved? I did test it in Ubuntu 16.04.3 LTS, CentOS 7.4.1708, and Fedora 27.

bblakely-anl and others added 7 commits February 6, 2018 16:39
Fedora belongs in our tests to the RH family,
lets make it explicitely here, as ohai detects platform_family on fedora
as 'fedora' and not 'rhel'.

See dev-sec/linux-baseline#82 for reference

Signed-off-by: Artem Sidorenko <[email protected]>
Fedora 27 fails during the converge phase with OOMs with 512mb
Fix fedora shadow permissions
@bablakely
Copy link
Contributor Author

@artem-sidorenko - these tests are failing due to a missing DIGITALOCEAN_ACCESS_TOKEN environment variable in rake.

bablakely and others added 5 commits February 12, 2018 22:16
* Remove dependency on compat_resource (deprecated). Fixes dev-sec#186, but may break older clients
* Bumped Chef version to 12.14.60
and resolve the cleanup issue of old configs on our side

Signed-off-by: Artem Sidorenko <[email protected]>
Signed-off-by: Christoph Hartmann <[email protected]>
artem-sidorenko and others added 16 commits February 20, 2018 10:05
The new major release 1.0.0 does not have recipes anymore, we will have
to reflect that. Pinning the major version for now.

Signed-off-by: Artem Sidorenko <[email protected]>
Lazy pin the sysctl major version
…mplate_source

Feature/allow setting template source
Try to detect the good defaults via ohai. Allow overriding of recipes

Signed-off-by: Artem Sidorenko <[email protected]>
and DO tests on the full VMs if possible

Signed-off-by: Artem Sidorenko <[email protected]>
as rsyslog isn't installed within containers, syslog group doesn't exist
and the group of /var/log is root
They will be addressed in a dedicated PRs, esp to the linux-baseline
Container support and dokken tests in travis CI
Signed-off-by: Tim Smith <[email protected]>
There's been a ton of bugfixes and improvements since 11.1.

Signed-off-by: Tim Smith <[email protected]>
dhohengassner and others added 2 commits May 14, 2018 11:54
* use sysctl cookbook 1.0

most of the code was already written by symondsandson
https://github.com/symondsandson/chef-os-hardening.git

remove the sysctl attributes file - values are now set in the recipe
remove the lazy evaluation from symondsandson
adapt test cases to test usage of sysctl_param resource

* use again node attributes for sysctl param values

This should be done to ensure downward compatibility and keep flexibility. See discussion on:
dev-sec#210
dev-sec#209)

* added mail_dir attribute and moved component attributes to attributes folder from recipe file

* fixed spec test

* fixed lint issues
@chris-rock
Copy link
Member

@bablakely Thank you for this great improvement. We fixed a couple of test-related issues lately. Would you mind to rebase your PR on master?

@artem-sidorenko
Copy link
Member

superseded by #260

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Management of auditd is missing
8 participants