DO NOT MERGE: trying to fix Automatus sanity check

ComplianceAsCode / content

Security automation content in SCAP, Bash, Ansible, and other formats

https://complianceascode.readthedocs.io/en/latest/

Other

2.22k stars 698 forks source link

DO NOT MERGE: trying to fix Automatus sanity check #12553

Closed vojtapolasek closed 2 weeks ago

vojtapolasek commented 3 weeks ago

Automatus sanity check is sometimes failing. The reason is that the rule file_owner_etc_issue_net is being scanned and it fails. The fail might be legitimate, but the peculiar thing is that when testing locally on Fedora, the rule does not get picked by the last test run. The particular test run tests the template feature of Automatus and it uses slice 1 of 15 for file_owner template.

github-actions[bot] commented 3 weeks ago

Start a new ephemeral environment with changes proposed in this pull request:

rhel8 (from CTF) Environment (using Fedora as testing environment)

Fedora Testing Environment

Oracle Linux 8 Environment

github-actions[bot] commented 3 weeks ago

This datastream diff is auto generated by the check Compare DS/Generate Diff

Click here to see the full diff

```diff ansible remediation for rule 'xccdf_org.ssgproject.content_rule_accounts_user_interactive_home_directory_defined' differs. --- xccdf_org.ssgproject.content_rule_accounts_user_interactive_home_directory_defined +++ xccdf_org.ssgproject.content_rule_accounts_user_interactive_home_directory_defined @@ -33,7 +33,7 @@ loop: '{{ local_users }}' when: - item.value[2]|int >= 1000 - - item.value[2]|int != 65534 + - item.value[2]|int != 65535 - not item.value[4] | regex_search('^\/\w*\/\w{1,}') tags: - CCE-84036-3 ```

codeclimate[bot] commented 3 weeks ago

Code Climate has analyzed commit fae4baa3 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 60.9% (0.0% change).

View more on Code Climate.