Comments (4)
What kind of failures do you see? Can you provide the error messages?
from secure_linux_cis.
Hi @bjvrielink,
Thanks for asking. Apologies for the late reply.
Here are the error messages I'm getting and the rules which I believe relate to them:
<ensure_nftables_is_not_enabled>
<ensure_no****_option_set_on_tmp_partition>
<ensure_mail_transfer_agent_is_configured_for_local_only_mode>
from secure_linux_cis.
The nftables error is most likely because the nftables package is not installed (which should be fine). Puppet cannot mask a service that simply does not exist. We should work around this and make the service resource conditional depending on the presence of the nftables package.
I guess the tmp errors are because /tmp is not specified in /etc/fstab but instead as a systemd unit. Although the CIS guidelines only mention /etc/fstab in the remediation section, I do not think enforcing the use of /etc/fstab only is the way to go. I'm not sure how easy this would be to fix.
The Postfix error is because of a bug in the Postfix Puppet module, see voxpupuli/puppet-postfix#261
from secure_linux_cis.
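Added example, not part of the thread and not code from secure_linux_cis: one way to audit `/tmp` mount options from the kernel's mount table instead of `/etc/fstab`, so a `/tmp` mounted by a systemd unit is evaluated the same way. The function names, the sample mount table and the required option set (`nodev`, `nosuid`, `noexec`) are assumptions made for this illustration.

```ruby
# Added example: plain Ruby, no Facter or Puppet dependency.
# Assumption: the options a rule requires; pass the set your benchmark names.
REQUIRED_TMP_OPTIONS = %w[nodev nosuid noexec].freeze

# Constructed sample in /proc/self/mounts format: /tmp is mounted by a
# systemd unit, so /etc/fstab would contain no line for it.
SAMPLE_MOUNTS = <<~'MOUNTS'
  /dev/mapper/vg-root / xfs rw,relatime,attr2,inode64 0 0
  tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
  tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
MOUNTS

# Returns the option list of the last mount on mount_point (the one that is
# in effect when mounts are stacked), or nil when nothing is mounted there.
def effective_mount_options(mounts_text, mount_point)
  options = nil
  mounts_text.each_line do |line|
    fields = line.split
    next if fields.length < 4

    # The kernel writes space, tab, newline and backslash as octal escapes.
    target = fields[1].gsub(/\\([0-7]{3})/) { Regexp.last_match(1).to_i(8).chr }
    options = fields[3].split(',') if target == mount_point
  end
  options
end

# Returns the required options that are absent, or :not_a_mount_point when
# the path is not a separate mount (a different finding from a weak mount).
def missing_mount_options(mounts_text, mount_point, required = REQUIRED_TMP_OPTIONS)
  options = effective_mount_options(mounts_text, mount_point)
  return :not_a_mount_point if options.nil?

  required - options
end

if $PROGRAM_NAME == __FILE__
  live = '/proc/self/mounts'
  text = File.readable?(live) ? File.read(live) : SAMPLE_MOUNTS
  p missing_mount_options(text, '/tmp')
end
```
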
The postfix bug should be fixed in versions >= 1.10.0 of the Postfix module.
from secure_linux_cis.