[WIP] add bascontrol22d#14377
Draft
cealcorn wants to merge 350 commits intoComplianceAsCode:masterfrom
Draft
Conversation
cealcorn
requested review from
Mab879,
ggbecker,
jan-cerny,
marcusburghardt and
vojtapolasek
as code owners
openshift-ci
bot
added
do-not-merge/work-in-progress
|
Hi @cealcorn. Thanks for your PR. I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
…g_update_02_26 Update RHEL 8 STIG control file to align with DISA STIG v2r6
…_version_feb_2026 Update RHEL 9 STIG version in profile for V2R7
…pam_lastlog2.so (which writes in /var/lib/)
…_permissions_backup_etc_shadow
…/remove_sudo_bash_remediations_no_empty_passwords_etc_shadow Drop unneeded sudo in bash remediation
…ux/mintmaker/master/compliance-trestle-3.x Update dependency compliance-trestle to v3.12.0
Add Ruff bugbears to CI and fix findings
Combine Packit jobs running Contest into fewer jobs
The logic: if month <= latest_release_date.month Examples: 1. Latest release: November (month 11) → Next: February (month 2) - 2 <= 11 = True → year + 1 = 2026 ✓ 2. Latest release: August (month 8) → Next: November (month 11) - 11 <= 8 = False → same year ✓ 3. Latest release: February (month 2) → Next: May (month 5) - 5 <= 2 = False → same year ✓
…butors Update list of contributors for release 0.1.80
…e-helper Fix the logic of calculating if it displays next year or current.
The release_helper.py script was using the current release date to create the due date of the new milestone.
The stabilization has been created and we need to update the dev branch.
…release-helper Use correct date for the milestone creation
Bump version of development branch to 0.1.81
…/sle16_permissions_local_var_log SLE16 Make sure for permissions_local_var_log file_permissions template
…/sle16_permissions_important_account_files SLE16 set filemode parameter for file_permissions rules
… path Avoid Jinja whitespace trimming that concatenated a comment and the file assignment in harden_ssh_client_crypto_policy Bash remediation. This keeps 'file=...' on its own line and fixes shellcheck SC2154 in generated fixes.
Update product stability references for ssh client path properties and fix Jinja whitespace trimming in the Ubuntu bash remediation template.\n\nThe template change preserves the newline between variable assignments in the generated shell script and avoids shellcheck failures.
…e metadata Apply whitespace-trim Jinja delimiters in SSH client rule YAML metadata where it is formatting-only and does not affect rendered remediation script behavior. Changes: - linux_os/guide/services/ssh/ssh_client/ssh_client_use_approved_ciphers_ordered_stig/rule.yml - linux_os/guide/services/ssh/ssh_client/ssh_use_approved_macs_ordered_stig/rule.yml No functional changes intended; this is a style/alignment update per review feedback.
Support RHEL 8 cloud images in GRUB 2 rules
…/fix_sle16_pam_options Fix sle16 pam options
Co-authored-by: Matthew Burket <m@tthewburket.com>
Co-authored-by: Matthew Burket <m@tthewburket.com>
Thanks to @Mab879 for the note 🙇
Signed-off-by: Alan Moore <alan.moore@canonical.com>
for Ubuntu24.04 stig v1r4 Signed-off-by: Alan Moore <alan.moore@canonical.com>
Signed-off-by: Alan Moore <alan.moore@canonical.com>
CMP-4110: Implement CIS OpenShift version 1.9.0
…/sle16_anssi_rules Add more rules for SLE16 ANSSI profiles
…/sle16_sshd_lineinfile_fixes Sle16 sshd lineinfile related fixes
…priv-escal Implemented UBTU-24-300019/20/21
…-901230 Implement UBTU-24-100050, UBTU-24-200270, UBTU-24-400220
…-200270 Enable rule UBTU-24-200270
…ent-path-overrides Parameterize SSH client configuration paths via product properties (preserve defaults)
Member
|
/ok-to-test |
openshift-ci
bot
added
ok-to-test
Member
|
Something is up with the history on this branch. Before it can be reviewed please limit this PR to only your commits. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
19 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description:
Rationale:
Review Hints: