Closed jan-cerny closed 6 days ago
Code Climate has analyzed commit 213308c2 and detected 0 issues on this pull request.
The test coverage on the diff in this pull request is 100.0% (50% is the threshold).
This pull request will bring the total coverage in the repository to 60.9% (0.0% change).
$ ./automatus.py rule --libvirt qemu:///session ssgts_94 --datastream ../build/ssg-rhel9-ds.xml --remediate-using bash file_permissions_unauthorized_suid
Setting console output to log level INFO
INFO - The base image option has not been specified, choosing libvirt-based test environment.
INFO - Logging into git/content/tests/logs/rule-custom-2024-11-15-1443/test_suite.log
INFO - xccdf_org.ssgproject.content_rule_file_permissions_unauthorized_suid
INFO - Script unpackaged_suid.fail.sh using profile (all) OK
INFO - Script no_unpackaged_suid.pass.sh using profile (all) OK
Fix file_permissions_unauthorized_suid for bootable containers. We will filter out the /sysroot directory from our scan because it contains only the physical root and not the real file system.
See: https://containers.github.io/bootc/filesystem-sysroot.html#sysroot-mount
Review Hints:
Build a CS 9 bootable container image using podman build and during the build harden it using oscap-bootc with the ANSSI High profile. Boot the image and then run a scan of the running system.
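The effect of leaving /sysroot out of the scan, as an added example that is not the project's own check or remediation. The function names, the `owned.txt` list (a stand-in for a package database query), and the sample tree are all constructed for illustration; the tree holds one packaged SUID binary, one unpackaged SUID binary, and a second physical copy of the packaged binary under /sysroot.

```bash
#!/usr/bin/env bash
# Added example; every name and path below is constructed for illustration.

# build_sample_tree: create a throwaway tree shaped like a bootc host and
# print its location. owned.txt stands in for a package database query.
build_sample_tree() {
    local t phys
    t=$(mktemp -d)
    phys="$t/root/sysroot/ostree/deploy/default/deploy/constructed.0/usr/bin"
    mkdir -p "$t/root/usr/bin" "$t/root/usr/local/bin" "$phys"
    touch "$t/root/usr/bin/passwd" "$t/root/usr/local/bin/custom-helper" "$phys/passwd"
    chmod 4755 "$t/root/usr/bin/passwd" "$t/root/usr/local/bin/custom-helper" "$phys/passwd"
    printf '%s\n' /usr/bin/passwd > "$t/owned.txt"
    printf '%s\n' "$t"
}

# find_suid ROOT [PRUNE]: list setuid regular files under ROOT as paths
# relative to it, skipping the PRUNE subtree (for example /sysroot) if given.
find_suid() {
    local root=$1 prune=${2:-}
    (
        cd "$root" || exit 1
        if [ -n "$prune" ]; then
            find . -path ".$prune" -prune -o -type f -perm -4000 -print
        else
            find . -type f -perm -4000 -print
        fi
    ) | sed 's|^\.||' | sort
}

# unauthorized_suid ROOT OWNED_LIST [PRUNE]: setuid files not in OWNED_LIST.
unauthorized_suid() {
    find_suid "$1" "${3:-}" | grep -vxFf "$2" || true
}

# Run with --demo to print both results for the constructed tree.
if [ "${1:-}" = "--demo" ]; then
    t=$(build_sample_tree)
    echo "whole tree:";       unauthorized_suid "$t/root" "$t/owned.txt"
    echo "without /sysroot:"; unauthorized_suid "$t/root" "$t/owned.txt" /sysroot
    rm -rf "$t"
fi
```

Scanning the whole tree reports the copy under /sysroot as unpackaged because its path is not the one the package list records; pruning /sysroot leaves only the genuinely unpackaged file.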