Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RHEL-07-030810 installs clamav without first checking for McAfee #6

Open
johannes-cabal opened this issue Aug 1, 2016 · 2 comments
Open

RHEL-07-030810 installs clamav without first checking for McAfee #6

johannes-cabal opened this issue Aug 1, 2016 · 2 comments

Comments

@johannes-cabal
Copy link
Contributor

Should there be a check for "nails" prior to installing clamav? Currently working on RHEL-07-030820 and went to reference your prior AV tasks in CAT I, but it installs clamav without doing a check for the other acceptable AV programs.
@samdoran
Copy link
Owner

samdoran commented Aug 3, 2016

This one is a bit tricky to solve and it's currently broken with ignore_errors on the task.

The requirement is for McAfee or ClamAV to be installed. The packages to be installed and the service to be started/enabled is defined in a variable, rhel7stig_av_package. This allows easy override of the AV program.

The intent is that if someone is using McAfee, née nails, they will redefine that variable to ensure the appropriate packages are installed and the appropriate service is started. Rather than checking, the person running the role must properly define that variable for use in their environment. This does introduce room for human error. Maybe this could be overcome by including an example playbook that installs McAfee and what the package and service name would be.

@samdoran samdoran mentioned this issue Aug 3, 2016
Merged
samdoran pushed a commit that referenced this issue Jan 5, 2017
@jmeth @samdoran
Add CAT2 Password Requirements (#6)
6106fa6 
* RHEL-07-010040 Adds /etc/issue login banner

* RHEL-07-010090 Password Requirements

Require at least 1 uppercase character

* RHEL-07-010100 Password Requirements

Require at least 1 lower case character

* RHEL-07-010110 Password Requirements

Require at least one numeric character

* RHEL7-07-010120 Password Requirements

Require at least one special character

* RHEL-07-010130 Password Requirements

Minimum of 8 characters difference when changing passwords

* RHEL-07-010140 Password Requirements

Require the change of at least four character classes when passwords are changed

* RHEL-07-010150 Password Requirements

Enforce a max of 4 repeating characters

* RHEL-07-010160 Password Requirements

Enforce max of 4 repeating characters of the same character class

* RHEL-07-010200 Password Requirements

Require 24 hours minimum lifetime of passwords

* RHEL-07-010210 Password Requirements

Restrict passwords to 24 hour minimum lifetime

* RHEL-07-010220 Password Requirements

Passwords restricted to max lifetime of 60 days for new users

* RHEL-07-010230 Password Requirements

Restrict password lifetime to 60days for existing users.

* RHEL-07-010240 Password Requirements

Passwords must be prohibited from reuse for a minimum of 5 generations

* RHEL-07-010250 Password Requirements

Passwords must be a minimum of 15 characters in length

* RHEL-07-010040 Use copy module for login banner

Changed template to copy since the issue file is in the files/ dir

* RHEL-07-010200 | RHEL-07-010220 Fix Typo

updated lien to line
@andysmagana
Copy link

I am trying to use rhel7 role but after running it and running another scap scan the score is very low like 33%

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@samdoran @johannes-cabal @andysmagana