Open jblaine opened 4 years ago
Instead of /etc/sysconfig/network
, the Ubuntu rule should be -w /etc/network -p wa -k system-locale
per the CIS Benchmark for Ubuntu 18. However, as mentioned in the original issue above, there are other EL-centric issues further down the file related to rules in this cookbook's wholly EL-centric templates/default/cis.rules
Cookbook version
2.3.4
Chef-client version
15
Platform Details
Ubuntu 18.04.3 LTS
Scenario:
Trying to apply cis.rules on Ubuntu
Steps to Reproduce:
Expected Result:
I expected cis.rules to work on Ubuntu
Actual Result:
The rules loaded are a partial set of cis.rules. I suspect everyone using this cookbook on Ubuntu, with the included cis.rules, is NOT auditing what they think!
My assessment is that this is because the next rule is "-w /etc/sysconfig/network -p wa -k system-locale" and this quietly fails (and short-circuits all further rule loading!) because
/etc/sysconfig/network
does not exist on an Ubuntu disk. There are certainly other issues further down the file.