hubblestack / nova

Hubble's Auditing System. This repo is deprecated in favor of https://github.com/hubblestack/hubble-salt
https://hubblestack.io
Apache License 2.0

CIS CentOS 7 - CIS-3.6 #290

Closed ssoto2 closed 7 years ago

ssoto2 commented 7 years ago

Currently the centos-7-level-1-scored-v1.yaml is looking for the following

selection_112

But per the CIS https://benchmarks.cisecurity.org/tools2/linux/CIS_CentOS_Linux_7_Benchmark_v1.1.0.pdf

The audit should be looking for the following lines

    restrict default kod nomodify notrap nopeer noquery
    restrict -6 default kod nomodify notrap nopeer noquery

selection_113

Right now the audit is looking for

    CentOS Linux-7:
    - /etc/ntp.conf:
        pattern: restrict default
        tag: CIS-3.6
    - /etc/ntp.conf:
        pattern: restrict -6 default
        tag: CIS-3.6

which, since the line contains more than just that pattern, is failing.
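
An added example, not part of the issue or of Nova's code: a Python check that parses the `restrict` lines of an ntp.conf and reports which of the flags quoted above are missing from the default IPv4 and IPv6 entries, regardless of flag order or trailing comments. The function names and sample file contents are constructed for illustration, and treating an unprefixed `restrict default` as the IPv4 entry is an assumption.

```python
# Added example, not HubbleStack Nova code.
REQUIRED_FLAGS = {"kod", "nomodify", "notrap", "nopeer", "noquery"}

# Constructed sample inputs (not from a real host).
SAMPLE_GOOD = """\
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer noquery
restrict -6 default nomodify kod notrap noquery nopeer  # flags reordered
restrict 127.0.0.1
"""
SAMPLE_WEAK = """\
restrict default nomodify notrap
#restrict -6 default kod nomodify notrap nopeer noquery
"""


def default_restrict_flags(text):
    """Map 'ipv4'/'ipv6' to the flag set on its default restrict line, or None."""
    found = {"ipv4": None, "ipv6": None}
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # strip comments, then tokenize
        if len(tokens) < 2 or tokens[0] != "restrict":
            continue
        rest = tokens[1:]
        family = "ipv4"  # assumption: no -4/-6 prefix means the IPv4 default
        if rest[0] in ("-4", "-6"):
            family = "ipv6" if rest[0] == "-6" else "ipv4"
            rest = rest[1:]
        if not rest or rest[0] != "default":
            continue
        flags = set(rest[1:])
        # Conservative choice: with several default lines, a flag counts
        # only if every one of them carries it.
        found[family] = flags if found[family] is None else found[family] & flags
    return found


def audit(text):
    """Return {family: sorted missing flags}; an empty dict means the check passes."""
    failures = {}
    for family, flags in default_restrict_flags(text).items():
        missing = REQUIRED_FLAGS - (flags or set())
        if missing:
            failures[family] = sorted(missing)
    return failures


if __name__ == "__main__":
    print(audit(SAMPLE_GOOD))
    print(audit(SAMPLE_WEAK))
```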

basepi commented 7 years ago

Is this one actually not an issue? Wanted to make sure you intended to close it.