On 13. 11. 20 at 11:16, Watson Sato wrote:
I like the idea.
How about adding example answers? They can illustrate and hint to what
is expected.
Good idea, I will propose them below. Thank you.
On Thu, Nov 12, 2020 at 8:39 AM Vojtech Polasek <vpola...@redhat.com> wrote:
On 11. 11. 20 at 20:50, Gabe Alford wrote:
Looks good. I assume that this is going to be in addition to and
not a replacement of the existing template? Having more than one
issue template that GH creates a menu for you to choose is kinda
nice.
Correct, this will be an additional template, the existing one for
reporting issues will stay there.
Vojta
On Fri, Nov 6, 2020 at 8:54 AM Vojtech Polasek <vpola...@redhat.com> wrote:
Hello all,
I would like to propose a new GitHub issue template which
should make requesting a new SCAP rule easier. It should
guide the issue reporter and answer questions which are
important for content authors right away. Here is the list of
questions I would like to have in the template. Please feel
free to give any feedback, ideally until Monday November 16.
~~~
##Which products does the rule apply to?
example: fedora, rhel8
##Describe the configuration setting enforced by this rule.
example: The default Grub2 command line for the Linux operating system
must contain the audit=1 argument. In case of Fedora, the file
/boot/grub2/grubenv contains a line in the form:
kernelopts=<arguments_separated_by_spaces>
One of present arguments must be audit=1.
##Why is the configuration security relevant?
example: This configuration ensures that all auditable processes are
audited already during the boot process even before the Auditd starts.
This ensures that potential malicious activity is monitored during boot
process.
##How to check the configuration?
example: sudo grep 'kernelopts.*audit=1.*' /boot/grub2/grubenv
###Is it order dependent? (does it need to be at a certain
place in the file?)
example: The audit=1 argument can be at any place within the list of
arguments for the Linux kernel. There should be only one line starting
with kernelopts=. Only one occurrence of audit=1 should occur. There
should not be any audit=0 in the list of arguments.
###What is correct and incorrect syntax?
example: kernelopts=arg1 arg2 audit=1 arg3
##How to remediate
example: Ensure that the argument is present in the kernelopts=... line.
###Does any command need to be run?
example: The following command may be used:
sudo grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) audit=1"
##Are there going to be other rules like (similar
configuration) this in the future? (is it worth creating
template?)
example: Yes, there will be more checks for Grub2 kernel command line
arguments.
##Are there any caveats to be considered when testing?
example: Yes. This configuration works only on systems with Grub2
bootloader. Hardware not supported by Grub2 will be covered by a
separate rule.
##Is the configuration loaded directly by the <software> or
is it stored in some intermediate database (similar to
dconf)? (We want to edit the lowest level possible, if
appropriate)
example: The file is loaded by Grub2 directly.
##Is it possible to check / remediate this configuration in
offline mode? (scanning containers or offline systems)
example: This option can be checked in offline mode.
## Please provide security policy references if possible e.g.
STIG
example: srg: SRG-OS-000254-GPOS-00095
hipaa:
164.308(a)(1)(ii)(D),164.308(a)(5)(ii)(C),164.310(a)(2)(iv),164.310(d)(2)(iii),164.312(b)
~~~
Have a nice weekend,
--
Vojtech Polasek
Software engineer, security compliance
Red Hat <https://www.redhat.com>
vpola...@redhat.com
_______________________________________________
scap-security-guide mailing list --
scap-security-guide@lists.fedorahosted.org
<mailto:scap-security-guide@lists.fedorahosted.org>
To unsubscribe send an email to
scap-security-guide-le...@lists.fedorahosted.org
<mailto:scap-security-guide-le...@lists.fedorahosted.org>
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
<https://docs.fedoraproject.org/en-US/project/code-of-conduct/>
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
<https://fedoraproject.org/wiki/Mailing_list_guidelines>
List Archives:
https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedorahosted.org
<https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedorahosted.org>
--
Watson Sato
Software Engineer
Red Hat EMEA <https://www.redhat.com>
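An added example, not part of the original thread or of the project's content: a shell function that applies the criteria from the example answers above (one kernelopts= line, exactly one audit=1 argument, no audit=0) to a grubenv-style file given by path, so it can also be pointed at a mounted offline image. The function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; the function name is hypothetical, not part of the project.
# Checks a grubenv-style file against the criteria in the example answers:
#   - exactly one line starting with kernelopts=
#   - exactly one audit=1 argument on it, matched as a whole argument
#   - no audit=0 argument
check_audit_kernelopts() {
    # $1: path to the file, e.g. /boot/grub2/grubenv or the same path
    #     under a mounted offline image
    awk '
        /^kernelopts=/ {
            lines++
            sub(/^kernelopts=/, "")
            n = split($0, args, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                if (args[i] == "audit=1") enabled++
                else if (args[i] == "audit=0") disabled++
            }
        }
        END {
            if (lines != 1)   { print "FAIL: kernelopts= lines found: " lines + 0; exit 1 }
            if (disabled > 0) { print "FAIL: audit=0 is present"; exit 1 }
            if (enabled != 1) { print "FAIL: audit=1 arguments found: " enabled + 0; exit 1 }
            print "PASS"
        }
    ' "$1"
}

# Constructed sample input (not taken from a real system).
sample=$(mktemp)
printf '# GRUB Environment Block\nkernelopts=root=/dev/sda1 ro audit=1 quiet\n' > "$sample"
check_audit_kernelopts "$sample"
# audit=10 is a different argument and must not count as audit=1.
printf 'kernelopts=root=/dev/sda1 ro audit=10 quiet\n' > "$sample"
check_audit_kernelopts "$sample" || true
rm -f "$sample"
```

Splitting the line into arguments and comparing each one exactly is what separates audit=1 from values such as audit=10, which a substring match on the whole line cannot do.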