Remove DoD-specific verbiage from rule.yml files#14834
Open
Tomatotech90 wants to merge 1 commit into
Open
Conversation
Several rule.yml files described generic security requirements using DoD-specific phrasing, making the content appear policy-specific even when the underlying requirement applies to any organization. Replace the DoD-framed audit event capability description in three SELinux audit rules (semanage, setfiles, setsebool) with generic language. Remove the named DoD form reference in httpd_antivirus_scan_uploads, and remove the named product and government contact URL from the install_hids warning block. Also fix a pre-existing trailing whitespace on line 30 of audit_rules_execution_semanage/rule.yml, found during lint verification of the same file. Note: mcafee_security_software/group.yml was reviewed but excluded from this PR. Its DoD-specific content is the entire substance of the rule, not incidental wording. Resolves: ComplianceAsCode#8709
|
Hi @Tomatotech90. Thanks for your PR. I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with Regular contributors should join the org to skip this step. Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Several rule.yml files described generic security requirements using DoD-specific phrasing, making the content appear policy-specific even when the underlying requirement applies to any organization.
Replace the DoD-framed audit event capability description in three SELinux audit rules (semanage, setfiles, setsebool) with generic language. Remove the named DoD form reference in httpd_antivirus_scan_uploads, and remove the named product and government contact URL from the install_hids warning block.
Also fix a pre-existing trailing whitespace on line 30 of audit_rules_execution_semanage/rule.yml, found during lint verification of the same file.
Note: mcafee_security_software/group.yml was reviewed but excluded from this PR. Its DoD-specific content is the entire substance of the rule, not incidental wording.
Resolves: #8709
Description:
Rationale:
Rationale here. Replace this text. Don't use the italics format!
Fixes # Issue number here (e.g. Updating sysctl XCCDF naming #26) or remove this line if no issue exists.
Review Hints:
Review hints here. Replace this text. Don't use the italics format!
Use this optional section to give any relevant information which could help the reviewer to more quickly and assertively understand and test the changes.
Good examples are useful commands, if it is better to review all commits together or in a suggested sequence, any relevant discussion in other PRs or issues, etc.