Created control file for SLES 15 DISA STIG profile#14796
Open
rumch-se wants to merge 4 commits into
Open
Conversation
|
Hi @rumch-se. Thanks for your PR. I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with Tip We noticed you've done this a few times! Consider joining the org to skip this step and gain Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Contributor
|
Please check the Yaml Lint errors. |
svet-se
approved these changes
Jun 23, 2026
svet-se
left a comment
svet-se
left a comment
Contributor
There was a problem hiding this comment.
LGTM, just check the lint errors - "too many blank lines"
|
This datastream diff is auto generated by the check Click here to see the full diffNew content has different text for rule 'xccdf_org.ssgproject.content_rule_dir_system_commands_group_root_owned'.
--- xccdf_org.ssgproject.content_rule_dir_system_commands_group_root_owned
+++ xccdf_org.ssgproject.content_rule_dir_system_commands_group_root_owned
@@ -5,15 +5,15 @@
[description]:
System commands are stored in the following directories:
by default:
-/bin
-/sbin
-/usr/bin
-/usr/sbin
-/usr/local/bin
+/bin
+/sbin
+/usr/bin
+/usr/sbin
+/usr/local/bin
/usr/local/sbin
-All these directories should have root user as a group owner.
-If any system command directory is not group owned by a user other than root
+All these directories should have root user as a group owner.
+If any system command directory is not group owned by a user other than root
correct its ownership with the following command:
$ sudo chgrp root DIR
@@ -30,16 +30,16 @@
R50
[rationale]:
-If the operating system were to allow any user to make changes to
-software libraries, then those changes might be implemented without
-undergoing the appropriate testing and approvals that are part of a
+If the operating system were to allow any user to make changes to
+software libraries, then those changes might be implemented without
+undergoing the appropriate testing and approvals that are part of a
robust change management process.
This requirement applies to operating systems with software libraries
-that are accessible and configurable, as in the case of interpreted languages.
-Software libraries also include privileged programs which execute with escalated
-privileges. Only qualified and authorized individuals must be allowed to obtain
-access to information system components for purposes of initiating changes,
+that are accessible and configurable, as in the case of interpreted languages.
+Software libraries also include privileged programs which execute with escalated
+privileges. Only qualified and authorized individuals must be allowed to obtain
+access to information system components for purposes of initiating changes,
including upgrades and modifications.
[ident]:
OCIL for rule 'xccdf_org.ssgproject.content_rule_dir_system_commands_group_root_owned' differs.
--- ocil:ssg-dir_system_commands_group_root_owned_ocil:questionnaire:1
+++ ocil:ssg-dir_system_commands_group_root_owned_ocil:questionnaire:1
@@ -1,9 +1,9 @@
System commands are stored in the following directories:
-/bin
-/sbin
-/usr/bin
-/usr/sbin
-/usr/local/bin
+/bin
+/sbin
+/usr/bin
+/usr/sbin
+/usr/local/bin
/usr/local/sbin
For each of these directories, run the following command to find directories not
owned by root:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_dir_system_commands_root_owned'.
--- xccdf_org.ssgproject.content_rule_dir_system_commands_root_owned
+++ xccdf_org.ssgproject.content_rule_dir_system_commands_root_owned
@@ -4,15 +4,15 @@
[description]:
System commands are stored in the following directories by default:
-/bin
-/sbin
-/usr/bin
-/usr/sbin
-/usr/local/bin
+/bin
+/sbin
+/usr/bin
+/usr/sbin
+/usr/local/bin
/usr/local/sbin
-All these directories should be owned by the root user.
-If any system command directory is not owned by a user other than root
+All these directories should be owned by the root user.
+If any system command directory is not owned by a user other than root
correct its ownership with the following command:
$ sudo chown root DIR
@@ -29,16 +29,16 @@
R50
[rationale]:
-If the operating system were to allow any user to make changes to
-software libraries, then those changes might be implemented without
-undergoing the appropriate testing and approvals that are part of a
+If the operating system were to allow any user to make changes to
+software libraries, then those changes might be implemented without
+undergoing the appropriate testing and approvals that are part of a
robust change management process.
This requirement applies to operating systems with software libraries
-that are accessible and configurable, as in the case of interpreted languages.
-Software libraries also include privileged programs which execute with escalated
-privileges. Only qualified and authorized individuals must be allowed to obtain
-access to information system components for purposes of initiating changes,
+that are accessible and configurable, as in the case of interpreted languages.
+Software libraries also include privileged programs which execute with escalated
+privileges. Only qualified and authorized individuals must be allowed to obtain
+access to information system components for purposes of initiating changes,
including upgrades and modifications.
[ident]:
OCIL for rule 'xccdf_org.ssgproject.content_rule_dir_system_commands_root_owned' differs.
--- ocil:ssg-dir_system_commands_root_owned_ocil:questionnaire:1
+++ ocil:ssg-dir_system_commands_root_owned_ocil:questionnaire:1
@@ -1,9 +1,9 @@
System commands are stored in the following directories:
-/bin
-/sbin
-/usr/bin
-/usr/sbin
-/usr/local/bin
+/bin
+/sbin
+/usr/bin
+/usr/sbin
+/usr/local/bin
/usr/local/sbin
For each of these directories, run the following command to find directories not
owned by root: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description:
Rationale: