Update impact scores for Chef policies (#310)
Add a missing impact and change some existing scores

Signed-off-by: Tim Smith <[email protected]>
tas50 authored Jan 3, 2024
1 parent 804f8db commit e64ae24
Showing 2 changed files with 4 additions and 3 deletions.
1 change: 1 addition & 0 deletions community/chef-infra-client.mql.yaml
Expand Up @@ -101,6 +101,7 @@ queries:
```
- uid: var-log-chef-directory-permissions
title: Ensure /var/log/chef/ is owned by root with 750 permissions
impact: 70
mql: |
if (file("/var/log/chef").exists) {
file("/var/log/chef") {
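Review bot: The new `impact: 70` on `var-log-chef-directory-permissions` comes with no stated rationale, and the commit message only says a missing impact was added. A line in the commit message or in the query's docs explaining why a log-directory ownership and mode check rates 70 would give later score changes something to be reviewed against. Since the check body sits inside `if (file("/var/log/chef").exists)`, it is also worth confirming how a host without the directory is scored now that the query carries an impact.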
6 changes: 3 additions & 3 deletions community/chef-infra-server.mql.yaml
Expand Up @@ -188,23 +188,23 @@ queries:
```
- uid: non-eol-infra-server
title: Ensure a non-EOL Chef Infra Server release is used
impact: 90
impact: 100
mql: |
file("/opt/opscode/version-manifest.txt").content == /^chef-server (14|15|16|17)/
docs:
desc: Only the current major release of Chef Infra Server is supported. Prior releases do not receive security updates and should not be used in production environments.
remediation: Upgrade to a non-EOL release of Chef Infra Server. Note that this will require downtime for component upgrade processes.
- uid: eol-reporting-addon
title: Ensure EOL Reporting add-on package is not installed
impact: 100
impact: 80
mql: |
package("opscode-reporting").installed == false
docs:
desc: The Opscode Reporting add-on for Infra Server is EOL and no longer receives security updates.
remediation: Uninstall the Reporting package and run `chef-server-ctl reconfigure`
- uid: eol-push-jobs-addon
title: Ensure EOL Push Jobs Server add-on package is not installed
impact: 100
impact: 80
mql: |
package("opscode-push-jobs-server").installed == false
docs:
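Review bot: Raising `non-eol-infra-server` to `impact: 100` puts the maximum score behind the hard-coded version list in `/^chef-server (14|15|16|17)/`, which does not match the desc: the desc says only the current major release is supported, while the pattern accepts four majors, and any release after 17 will fail at impact 100 until the pattern is edited. Either narrow the list to the releases that are actually supported or reword the desc, and note next to the pattern that it needs updating with each major release. The two add-on checks (`eol-reporting-addon`, `eol-push-jobs-addon`) drop from 100 to 80 even though their desc gives the same reason as the server check (EOL, no security updates); a sentence on why an EOL add-on ranks below an EOL server would make the new ordering reviewable.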