Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CIS 4.1.1.3 #85

Merged
merged 1 commit into from
Nov 18, 2017
Merged

CIS 4.1.1.3 #85

merged 1 commit into from
Nov 18, 2017

Conversation

tomhaynes
Copy link
Contributor

For CIS v2.1:

4.1.1.3 Ensure audit logs are not automatically deleted:

Audit:
Run the following command and verify output matches:
max_log_file_action = keep_logs

chris-rock
chris-rock approved these changes Nov 17, 2017
View reviewed changes
Copy link
Member

@chris-rock chris-rock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that is a helpful improvement @tomhaynes

atomic111
atomic111 approved these changes Nov 18, 2017
View reviewed changes
Copy link
Member

@atomic111 atomic111 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tomhaynes makes sense. thanks for chaning this

@atomic111 atomic111 merged commit 83d031e into dev-sec:master Nov 18, 2017
@artem-sidorenko
Copy link
Member

@chris-rock @atomic111 this change has broken the tests for chef-os-hardening. As we currently are not managing the audit configuration, any ideas how to handle this? (I do not have time to implement it now) Should we create an issue in the implementation repo and disable this test for now?

@artem-sidorenko
Copy link
Member

I created dev-sec/chef-os-hardening#182 and dev-sec/chef-os-hardening#181

@chris-rock
Copy link
Member

We could pin to released versions of the benchmark...

@artem-sidorenko
Copy link
Member

@chris-rock Hm, okay. But this would lead to a recurrent version repining, right?

@chris-rock
Copy link
Member

yes, unfortunately. I am open to any other idea

@artem-sidorenko
Copy link
Member

@chris-rock I do not have any other idea :\ For me personally its easier to live with a current setup (#55 would make it even better). But if somebody has a better idea, I would be also happy to hear it

@schurzi schurzi mentioned this pull request May 10, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@atomic111 atomic111 atomic111 approved these changes

@chris-rock chris-rock chris-rock approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@tomhaynes @artem-sidorenko @chris-rock @kiwivogel @atomic111