We have unfortunately allowed some of these new rules to be introduced to the project without actually noticing the misleading IDs. On one hand we should definitely try to keep them consistent and concise, but on the other hand, changing rule IDs means possibly breaking existing tailorings because the old rule ID will cease to exist when we rename it. It's hard to know exactly the impact that there will be, but if we decide to rename them, we have to accept this risk. Unfortunately the standard doesn't support a way of deprecating rules, although we could have a duplicated rule in a way that we would start using this new rule but keeping the old one in place to avoid breaking any existing tailorings.
STIG has a bunch of different rules regarding file and directory permissions, owner and groupowner.
In Ubuntu 20.04 STIG we have (hopefully I'm not missing any):
Some of those rules are easy to understand just by reading their names:
file_permissions_binary_dirs: this is about permissions for files under binary directories, such as /bin/
Now some rules are just hard to understand, e.g.:
root_permissions_syslibrary_files: not sure if it is about directories or files
Therefore, following a naming convention would make it easier, and root_permissions_syslibrary_files can be changed to file_groupownership_library_dirs.
What do you think about having a naming convention and renaming the ones that are not so clear?
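The tailoring breakage raised in the reply can be checked before a rename lands. The following is an added example, not part of the thread or the project's code: it scans an XCCDF 1.2 tailoring for `select` and `refine-rule` references that a rename would orphan and rewrites them. It assumes the `xccdf_org.ssgproject.content_rule_` ID prefix, uses the rename proposed in the post as its mapping, and runs on a constructed, trimmed tailoring.

```python
import xml.etree.ElementTree as ET

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.2"
RULE_PREFIX = "xccdf_org.ssgproject.content_rule_"  # assumed rule ID prefix
# Rename proposed in the post above; nothing here implies it was applied.
PROPOSED_RENAMES = {
    "root_permissions_syslibrary_files": "file_groupownership_library_dirs",
}
# Constructed sample tailoring (tailoring and profile IDs are made up).
SAMPLE_TAILORING = """\
<xccdf:Tailoring xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
                 id="xccdf_example_tailoring_default">
  <xccdf:Profile id="xccdf_example_profile_stig_customized">
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_root_permissions_syslibrary_files" selected="false"/>
    <xccdf:select idref="xccdf_org.ssgproject.content_rule_file_permissions_binary_dirs" selected="true"/>
    <xccdf:refine-rule idref="xccdf_org.ssgproject.content_rule_root_permissions_syslibrary_files" severity="low"/>
  </xccdf:Profile>
</xccdf:Tailoring>
"""

def _short(idref):
    """Strip the rule prefix so IDs compare against the short rule names."""
    return idref[len(RULE_PREFIX):] if idref.startswith(RULE_PREFIX) else idref

def _rule_refs(root):
    """Yield (profile_id, element) for every select/refine-rule in a Profile."""
    for profile in root.iter(f"{{{XCCDF_NS}}}Profile"):
        for tag in ("select", "refine-rule"):
            for elem in profile.iter(f"{{{XCCDF_NS}}}{tag}"):
                yield profile.get("id"), elem

def stale_references(tailoring_xml, renames):
    """List (profile_id, tag, old_id, new_id) for references a rename orphans."""
    findings = []
    for profile_id, elem in _rule_refs(ET.fromstring(tailoring_xml)):
        short = _short(elem.get("idref", ""))
        if short in renames:
            findings.append((profile_id, elem.tag.split("}", 1)[1], short, renames[short]))
    return findings

def migrate(tailoring_xml, renames):
    """Return the tailoring with renamed rule IDs rewritten to the new IDs."""
    ET.register_namespace("xccdf", XCCDF_NS)
    root = ET.fromstring(tailoring_xml)
    for _, elem in _rule_refs(root):
        short = _short(elem.get("idref", ""))
        if short in renames:
            elem.set("idref", RULE_PREFIX + renames[short])
    return ET.tostring(root, encoding="unicode")
```

In the sample, the orphaned `select` carries `selected="false"`, so the reference at risk is a deliberate local exception to the profile rather than a default.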