Fix check 1.1.37. #173

Merged
merged 3 commits into from
Nov 8, 2018

@ttousai ttousai commented Nov 6, 2018

Check 1.1.37 should pass if --features-gate is not set or if features-gate is set to AdvancedAuditing=false.

@ttousai ttousai requested a review from lizrice November 6, 2018 14:40

@lizrice lizrice left a comment

I suspect the bin_op: and is not correct - should this be testing that --feature-gates doesn't have AdvancedAuditing=false, OR --feature-gates is not set at all?

In addition, from the audit description I think we should be checking that --audit-policy-file is set, right?

(I just raised a ticket on the CIS spec as I don't think the remediation description is complete - it only covers the audit policy file part and not the feature-gates setting.)

ttousai commented Nov 8, 2018

@lizrice you are right about the bin_op. I have pushed the change.

About checking --audit-policy-file is set; yes we should but there is no audit for it. Should I add a check for this flag?

lizrice commented Nov 8, 2018

Yes, I think the CIS describes the audit but our test doesn't fully implement it without the check on the --audit-policy-file, so it would be good if you could add that as well (can be in a new PR though).

@lizrice lizrice left a comment

LGTM

@lizrice lizrice merged commit e1f5bb1 into master Nov 8, 2018
@ttousai ttousai deleted the fix-1.1.37 branch January 29, 2019 20:03
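
The pass condition discussed in this review, as an added example that is not the project's own code: it evaluates the two `--feature-gates` test items under `bin_op: and` and `bin_op: or`, and separately checks `--audit-policy-file`. The function names and the sample command line are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// flagValue returns a flag's value and whether the flag is present at all.
// It accepts both "--name=value" and "--name value".
func flagValue(cmdline, name string) (string, bool) {
	args := strings.Fields(cmdline)
	for i, a := range args {
		if strings.HasPrefix(a, name+"=") {
			return strings.TrimPrefix(a, name+"="), true
		}
		if a == name {
			if i+1 < len(args) && !strings.HasPrefix(args[i+1], "--") {
				return args[i+1], true
			}
			return "", true
		}
	}
	return "", false
}

// featureGatesPass combines two test items with binOp ("and" or "or"):
// item A: --feature-gates is set and has no AdvancedAuditing=false entry;
// item B: --feature-gates is not set at all.
func featureGatesPass(cmdline, binOp string) bool {
	gates, set := flagValue(cmdline, "--feature-gates")
	disabled := false
	for _, g := range strings.Split(gates, ",") {
		disabled = disabled || strings.TrimSpace(g) == "AdvancedAuditing=false"
	}
	itemA, itemB := set && !disabled, !set
	if binOp == "and" {
		return itemA && itemB // items are mutually exclusive, so never true
	}
	return itemA || itemB
}

// auditPolicySet is the additional condition raised in the review.
func auditPolicySet(cmdline string) bool {
	v, set := flagValue(cmdline, "--audit-policy-file")
	return set && v != ""
}

func main() {
	c := "kube-apiserver --audit-policy-file=/etc/kubernetes/audit-policy.yaml" // constructed sample
	fmt.Println(featureGatesPass(c, "and"), featureGatesPass(c, "or"), auditPolicySet(c))
}
```

With `and`, the two items can never both hold, so a correctly configured API server would still fail the check; `or` gives the intended result.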