Add initial RHEL 10 CIS profiles #12075
Conversation
Since there is not yet a CIS Policy for RHEL10, this control file was based on RHEL9 and was created only for experimental purposes. Signed-off-by: Marcus Burghardt <[email protected]>
There is not yet an official CIS policy for RHEL10. Therefore, these profiles were based on existing RHEL9 profiles and were created only for experimental purposes. Signed-off-by: Marcus Burghardt <[email protected]>
marcusburghardt
added
New Profile
openshift-ci
bot
added
the
do-not-merge/work-in-progress
|
Skipping CI for Draft Pull Request. |
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
|
Start a new ephemeral environment with changes proposed in this pull request: Fedora Environment Oracle Linux 8 Environment |
|
🤖 A k8s content image for this PR is available at: Click here to see how to deploy itIf you alread have Compliance Operator deployed: Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and: |
| - l1_workstation | ||
| reference_type: cis | ||
| product: rhel10 | ||
|
|
There was a problem hiding this comment.
Have you checked if there are any rules that aren't applicable to RHEL 10 ?
There was a problem hiding this comment.
I used RHEL 9 as reference and actually discovered some rules incorrectly removed in RHEL 9 profiles. It will be addressed in another PR. Regarding RHEL 10, so far I didn't find anything that caught my attention but in any case this is an experimental profile. We will be more sure when the product and respective policy are released.
RHEL 9 and RHEL 10 instead of RHEL9 and RHEL10. Signed-off-by: Marcus Burghardt <[email protected]>
There are conflicting requirements regarding journald and rsyslog. JournalD is the default preference for RHEL 9. Aligned the draft control file for RHEL 10 with CIS RHEL 9 v2.0.0. Signed-off-by: Marcus Burghardt <[email protected]>
|
Code Climate has analyzed commit 56eac7c and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 59.4% (0.0% change). View more on Code Climate. |
Description:
Add initial RHEL 10 CIS profiles.
Rationale:
Currently there is not a CIS Policy for RHEL 10. Therefore, these profiles are for experimental purposes only.
Review Hints:
The control file was based on the changes already related to CIS RHEL9 v2.0.0.
However, since the #12067 is not yet merged, some variables used in the control file are using
cis_rhel8option because thecis_rhel9option was introduced by #12067.This can be easily updated after, once the #12067 is merged.