ComplianceAsCode / content

Security automation content in SCAP, Bash, Ansible, and other formats
https://complianceascode.readthedocs.io/en/latest/

Update file_permissions_etc_chrony_keys to 640 #12577

Closed Mab879 closed 2 weeks ago

Mab879 commented 2 weeks ago

Description:

Update file_permissions_etc_chrony_keys to 640

Rationale:

Follow maintainer guidance.

github-actions[bot] commented 2 weeks ago

This datastream diff is auto generated by the check Compare DS/Generate Diff

Click here to see the full diff ```diff New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_permissions_etc_chrony_keys'. --- xccdf_org.ssgproject.content_rule_file_permissions_etc_chrony_keys +++ xccdf_org.ssgproject.content_rule_file_permissions_etc_chrony_keys @@ -3,7 +3,7 @@ Verify Permissions On /etc/chrony.keys File [description]: -To properly set the permissions of /etc/chrony.keys, run the command: $ sudo chmod 0644 /etc/chrony.keys +To properly set the permissions of /etc/chrony.keys, run the command: $ sudo chmod 0640 /etc/chrony.keys [reference]: R50 OCIL for rule 'xccdf_org.ssgproject.content_rule_file_permissions_etc_chrony_keys' differs. --- ocil:ssg-file_permissions_etc_chrony_keys_ocil:questionnaire:1 +++ ocil:ssg-file_permissions_etc_chrony_keys_ocil:questionnaire:1 @@ -2,6 +2,6 @@ run the command: $ ls -l /etc/chrony.keys If properly configured, the output should indicate the following permissions: -0644 - Is it the case that /etc/chrony.keys does not have unix mode 0644? +0640 + Is it the case that /etc/chrony.keys does not have unix mode 0640? bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_permissions_etc_chrony_keys' differs. --- xccdf_org.ssgproject.content_rule_file_permissions_etc_chrony_keys +++ xccdf_org.ssgproject.content_rule_file_permissions_etc_chrony_keys @@ -1,7 +1,7 @@ # Remediation is applicable only in certain platforms if rpm --quiet -q kernel; then -chmod u-xs,g-xws,o-xwt /etc/chrony.keys +chmod u-xs,g-xws,o-xwrt /etc/chrony.keys else >&2 echo 'Remediation is not applicable, nothing was done' ansible remediation for rule 'xccdf_org.ssgproject.content_rule_file_permissions_etc_chrony_keys' differs. --- xccdf_org.ssgproject.content_rule_file_permissions_etc_chrony_keys +++ xccdf_org.ssgproject.content_rule_file_permissions_etc_chrony_keys 
@@ -24,10 +24,10 @@ - medium_severity - no_reboot_needed -- name: Ensure permission u-xs,g-xws,o-xwt on /etc/chrony.keys +- name: Ensure permission u-xs,g-xws,o-xwrt on /etc/chrony.keys file: path: /etc/chrony.keys - mode: u-xs,g-xws,o-xwt + mode: u-xs,g-xws,o-xwrt when: - '"kernel" in ansible_facts.packages' - file_exists.stat is defined and file_exists.stat.exists ```
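Review bot: In the [description] hunk, the manual command `$ sudo chmod 0640 /etc/chrony.keys` sets an exact mode, while the bash and Ansible remediations in this same diff only remove bits (`u-xs,g-xws,o-xwrt`). An administrator who follows the description on a file that is already 0600 would add group read instead of tightening anything. Suggest wording the description as "no more permissive than 0640", or showing the same subtractive chmod, so the text and the remediations agree.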
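Review bot: In the OCIL hunk, the reader is told to run `$ ls -l /etc/chrony.keys` and compare the result with `0640`, but `ls -l` prints the symbolic form (`-rw-r-----`), not the octal mode. Suggest giving the expected symbolic string or changing the command to `stat -c '%a' /etc/chrony.keys`. The question "does not have unix mode 0640" also reads as an exact match, so a stricter file such as 0600 would appear to be a finding even though the remediation leaves it untouched.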
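Review bot: In the bash remediation hunk (and the Ansible task that uses the same mode string), `chmod u-xs,g-xws,o-xwrt /etc/chrony.keys` leaves group read as the only non-owner access, so how exposed the keys are now depends on which group owns the file, and nothing in this diff checks or sets that. Worth confirming that group ownership of /etc/chrony.keys is covered by another rule in the same profiles, or stating the dependency in the rule text.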
codeclimate[bot] commented 2 weeks ago

Code Climate has analyzed commit fd88cd94 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 60.9% (0.0% change).

vojtapolasek commented 2 weeks ago

Merging. Failing Automatus tests are not relevant to this PR.