search

mondoohq / cnspec-policies

This repository contains security policies for cnspec maintained by Mondoo and the cnspec community.
Other
42 stars 17 forks source link

:broom: Mondoo Linux Policy - Fix: Don't run `kernel.parameters` checks from inside containers #424

Closed mm-weber closed 2 months ago

mm-weber commented 2 months ago

Using the following filters to make sure kernel.parameter checks don't run inside of docker containers or images.

    filters: |
      asset.kind != "container-image"
      asset.runtime != "docker-container"
github-actions[bot] commented 2 months ago

@check-spelling-bot Report

:red_circle: Please review

See the :open_file_folder: files view, the :scroll:action log, or :memo: job summary for details.

Unrecognized words (1)

sched

To accept these unrecognized words as correct, you could run the following commands ... in a clone of the [git@github.com:mondoohq/cnspec-policies.git](https://github.com/mondoohq/cnspec-policies.git) repository on the `manuel/fix-kernelparameters` branch ([:information_source: how do I use this?]( https://github.com/check-spelling/check-spelling/wiki/Accepting-Suggestions)): ``` sh curl -s -S -L 'https://raw.githubusercontent.com/check-spelling/check-spelling/v0.0.22/apply.pl' | perl - 'https://github.com/mondoohq/cnspec-policies/actions/runs/10206117224/attempts/1' ```
Available :books: dictionaries could cover words (expected and unrecognized) not in the :blue_book: dictionary This includes both **expected items** (192) from .github/actions/spelling/expect.txt and **unrecognized words** (1) Dictionary | Entries | Covers | Uniquely -|-|-|- [cspell:node/dict/node.txt](https://raw.githubusercontent.com/check-spelling/cspell-dicts/v20230509/dictionaries/node/dict/node.txt)|891|9|3| [cspell:k8s/dict/k8s.txt](https://raw.githubusercontent.com/check-spelling/cspell-dicts/v20230509/dictionaries/k8s/dict/k8s.txt)|153|3|3| [cspell:php/dict/php.txt](https://raw.githubusercontent.com/check-spelling/cspell-dicts/v20230509/dictionaries/php/dict/php.txt)|1689|7|1| [cspell:django/dict/django.txt](https://raw.githubusercontent.com/check-spelling/cspell-dicts/v20230509/dictionaries/django/dict/django.txt)|393|4|1| [cspell:python/src/python/python-lib.txt](https://raw.githubusercontent.com/check-spelling/cspell-dicts/v20230509/dictionaries/python/src/python/python-lib.txt)|2417|4|1| Consider adding them (in `.github/workflows/spell-check.yaml`) for `uses: check-spelling/check-spelling@v0.0.22` in its `with`: ``` yml with: extra_dictionaries: cspell:node/dict/node.txt cspell:k8s/dict/k8s.txt cspell:php/dict/php.txt cspell:django/dict/django.txt cspell:python/src/python/python-lib.txt ``` To stop checking additional dictionaries, add (in `.github/workflows/spell-check.yaml`) for `uses: check-spelling/check-spelling@v0.0.22` in its `with`: ``` yml check_extra_dictionaries: '' ```
If the flagged items are false positives If items relate to a ... - binary file (or some other file you wouldn't want to check at all). Please add a file path to the `excludes.txt` file matching the containing file. File paths are Perl 5 Regular Expressions - you can [test](https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your files. `^` refers to the file's path from the root of the repository, so `^README\.md$` would exclude README.md (on whichever branch you're using). - well-formed pattern. If you can write a [pattern](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples:-patterns) that would match it, try adding it to the `patterns.txt` file. Patterns are Perl 5 Regular Expressions - you can [test](https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your lines. Note that patterns can't match multiline strings.