Defined notes for BSI SYS.1.6.A24 and A25 #12471
Conversation
|
Hi @benruland. Thanks for your PR. I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
Start a new ephemeral environment with changes proposed in this pull request: Fedora Environment Oracle Linux 8 Environment |
|
🤖 A k8s content image for this PR is available at: Click here to see how to deploy itIf you alread have Compliance Operator deployed: Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and: |
|
Code Climate has analyzed commit 6996838 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 59.5% (0.0% change). View more on Code Climate. |
|
/ok-to-test |
openshift-ci
bot
added
ok-to-test
| Note: At the host level, Red Hat CoreOS supports auditd, which is enabled by default. | ||
| Policies for auditd can include network connections, created processes, file accesses and syscalls. | ||
| Red Hat CoreOS provides many sample policies that cover all of the areas described. | ||
| status: does not meet |
There was a problem hiding this comment.
Would a rule like https://github.com/ComplianceAsCode/content/blob/master/applications/openshift/general/acs_sensor_exists/rule.yml be useful here?
There was a problem hiding this comment.
I think it is not that appropriate. The requirement could be adressed by multiple solutions, among them ACS.
However, if a different solution such as Aqua Security is used, it could still be compliant.
Description:
Added notes for two BSI SYS.1.6 controls
Rationale:
As we have multiple customers asking for a BSI profile to be included in the compliance-operator, we are contributing a profile. To provide a better review process, the individual controle are implemented as separate PRs.