-
Notifications
You must be signed in to change notification settings - Fork 706
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
rhel10: use new rule for auditing of changes to selinux configuration #12826
base: master
Are you sure you want to change the base?
rhel10: use new rule for auditing of changes to selinux configuration #12826
Conversation
the rule audit_rules_mac_modification is becoming applicable for multiple products. This new rule should make our live simpler in the future by being templated and selinux-specific.
Code Climate has analyzed commit bd64cc2 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 61.8% (0.0% change). View more on Code Climate. |
@@ -117,7 +117,11 @@ controls: | |||
- audit_rules_privileged_commands_unix_chkpwd | |||
- audit_rules_privileged_commands_userhelper | |||
- audit_rules_immutable | |||
{{% if product == "rhel10" %}} | |||
- audit_rules_mac_modification_etc_selinux |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The rule audit_rules_mac_modification is a part of multiple controls in this HIPAA control file. If you want to make sure this rule isn't present in the RHEL 10 data stream you need to take care of all occurrences of it in this control file.
Description:
Rationale: MAC as explained in discussion in
Review Hints: