[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rework SCA for Red-Hat Enterprise Linux 7 #18440

Merged
merged 16 commits into from
Sep 25, 2023

Conversation

Johnng007
Copy link
Member
@Johnng007 Johnng007 commented Aug 15, 2023
Component Action type Main Issue
SCA Rework

Main tasks

  • Use the latest CIS benchmark PDF from https://downloads.cisecurity.org/#/
  • Verify IDs numbers.
  • Verify texts are correct: Title, Description, Rationale and Remediation.
  • Verify Compliance: CIS, CIS_CSC.
  • Verify condtion and rules:
    • To Pass.
    • To Fail.

Checks

Syntax and semantic

  • a) ID of each policy must be contiguous.
  • b) The order and format set in Documentation must be respected.
  • c) YML must be valid to avoid errors.

Content

  • a) Compare each check with its analogue from CIS Benchmark.
  • b) Try to maintain each rule as similar as possible with the Audit section from the CIS check.
  • c) Check that the commands provide the expected output.
  • d) When a failure is discovered, check similar policies to avoid repetition of the issue.

Unit testing

  • a) Output from ossec.log after the SCA scan and a raw output of the result of the checks.
Tests results

Analysisd (server or local)

analysisd.debug=2

Auth daemon debug (server)

authd.debug=0

Exec daemon debug (server, local, or Unix agent)

execd.debug=0

Monitor daemon debug (server, local, or Unix agent)

monitord.debug=0

Log collector (server, local or Unix agent)

logcollector.debug=0

Integrator daemon debug (server, local or Unix agent)

integrator.debug=0

Unix agentd

agent.debug=2

Deployment

  • a) If the policy it's new, it must be added to the sca.files templates.
  • b) If the OS has many supported SCA policies, a policy must be set as default policy. (as example)

@Johnng007 Johnng007 linked an issue Aug 15, 2023 that may be closed by this pull request
17 tasks
@ooniagbi ooniagbi self-requested a review September 25, 2023 12:10
@ooniagbi ooniagbi marked this pull request as ready for review September 25, 2023 12:11
Copy link
Member
@ooniagbi ooniagbi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@ooniagbi ooniagbi merged commit e04ab8b into master Sep 25, 2023
@ooniagbi ooniagbi deleted the Rework-SCA-for-Red-Hat-Enterprise-Linux-7 branch September 25, 2023 12:11
@ooniagbi ooniagbi restored the Rework-SCA-for-Red-Hat-Enterprise-Linux-7 branch May 13, 2024 11:50
@ooniagbi ooniagbi deleted the Rework-SCA-for-Red-Hat-Enterprise-Linux-7 branch May 31, 2024 15:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Rework SCA Policy for Red Hat Enterprise Linux 7
2 participants