Fixes rule 1.1.1.6 to better reflect CIS Benchmark qualifications

florianutz / ubuntu2004_cis

Ubuntu CIS Hardening Ansible Role

MIT License

108 stars 67 forks source link

Fixes rule 1.1.1.6 to better reflect CIS Benchmark qualifications #54

Closed rcousens closed 2 years ago

rcousens commented 2 years ago

Changes rule 1.1.1.6 for squashfs to reflect that it's:

not scored (manual)
not implemented due to the fact that squashfs technically can't be disabled as it's a built-in compile time module with Ubuntu kernels
level 2 ("defense in depth")

See https://www.cisecurity.org/insights/blog/changes-to-cis-benchmark-assessment-recommendation-scoring#:~:text=When%20building%20CIS%20Benchmark%20automation,vary%20depending%20on%20the%20environment

rcousens commented 2 years ago

@alex-rowe I think this PR makes things a bit more sensible. I didn't understand some of the nuance in the CIS Benchmark until I started digging after your comments!

See comments on #52 for more context @florianutz

florianutz commented 2 years ago

Thanks for fixing. I will doublecheck this section these days if there is something new.