8000 RHEL 9 Ansible fixes by jan-cerny · Pull Request #13455 · ComplianceAsCode/content · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

RHEL 9 Ansible fixes #13455

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
May 15, 2025
Merged

RHEL 9 Ansible fixes #13455

merged 3 commits into from
May 15, 2025

Conversation

jan-cerny
Copy link
Collaborator

This PR fixes failing /per-rule/ansible tests on RHEL 9.7.

For more details, please read commit messages of every commit.

jan-cerny added 3 commits May 13, 2025 10:02
@jan-cerny
Remove rules from RHEL 9 profiles
1b6ab9d 
The rules package_ypserv_removed and package_quagga_removed and
package_rsh_removed are not applicable in RHEL 9 because these
packages don't exist on RHEL 9.

rsh
@jan-cerny
Specify a specific value
c768758 
Ansible Playbook executes sshd verification of configuration
options. The default value of the sshd_strong_macs variable isn't
accepted by sshd on RHEL 9.7. This causes fail of Ansible remediation
in Automatus. We need to specify a specific value of this variable
which I choose the RHEL 9 STIG variant.
@jan-cerny
Fix tests for sshd_disable_compression
cc10d18 
The Automatus tests with Ansible remediations fail because the Ansible
verifies the sshd configuration and for sshd the `correct_value` isn't
acceptable value in the `Compression` option.
@jan-cerny jan-cerny added this to the 0.1.77 milestone May 13, 2025
@jan-cerny jan-cerny requested review from a team, matusmarhefka and Mab879 as code owners May 13, 2025 08:38
@jan-cerny jan-cerny added the Ansible Ansible remediation update. label May 13, 2025
@jan-cerny jan-cerny requested a review from vojtapolasek as a code owner May 13, 2025 08:38
@jan-cerny jan-cerny added the RHEL9 Red Hat Enterprise Linux 9 product related. label May 13, 2025
@codeclimate CodeClimate
Copy link
codeclimate bot commented May 13, 2025

Code Climate has analyzed commit cc10d18 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 61.9% (0.0% change).

View more on Code Climate.

@jan-cerny jan-cerny mentioned this pull request May 13, 2025
Merged
@Mab879 Mab879 self-assigned this May 13, 2025
Mab879
Mab879 reviewed May 15, 2025
View reviewed changes
controls/stig_rhel9.yml
- package_ypserv_removed
status: automated
status: not applicable # The ypserv package is not available in RHEL 9
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In other PRs, I left this as automated and just moved it related rules.

We should decide if we like this approach better.

I think I like this better.

@Mab879 Mab879 merged commit 84ff13b into ComplianceAsCode:master May 15, 2025
107 of 110 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mab879 Mab879 Mab879 approved these changes

@matusmarhefka matusmarhefka Awaiting requested review from matusmarhefka matusmarhefka is a code owner

@vojtapolasek vojtapolasek Awaiting requested review from vojtapolasek vojtapolasek is a code owner

Assignees

@Mab879 Mab879

Labels
Ansible Ansible remediation update. RHEL9 Red Hat Enterprise Linux 9 product related.
Projects
None yet
Milestone
0.1.77
Development

Successfully merging this pull request may close these issues.
2 participants
@jan-cerny @Mab879
0