forked from ComplianceAsCode/content
Change dir #3
Closed
As the cis rule indicates: remove iptables-persistent if ufw is installed
This datastream diff is auto generated by the check
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_audit_tools_group_ownership' differs.
--- xccdf_org.ssgproject.content_rule_file_audit_tools_group_ownership
+++ xccdf_org.ssgproject.content_rule_file_audit_tools_group_ownership
@@ -1,13 +1,13 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
-chgrp 0 /sbin/auditctl
-chgrp 0 /sbin/aureport
-chgrp 0 /sbin/ausearch
-chgrp 0 /sbin/autrace
-chgrp 0 /sbin/auditd
-chgrp 0 /sbin/rsyslogd
-chgrp 0 /sbin/augenrules
+chgrp -L 0 /sbin/auditctl
+chgrp -L 0 /sbin/aureport
+chgrp -L 0 /sbin/ausearch
+chgrp -L 0 /sbin/autrace
+chgrp -L 0 /sbin/auditd
+chgrp -L 0 /sbin/rsyslogd
+chgrp -L 0 /sbin/augenrules
else
>&2 echo 'Remediation is not applicable, nothing was done'
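Review bot: The added '-L' on these seven chgrp lines has no effect as written. GNU chgrp documents -H, -L and -P as modifying traversal only when -R is also given, and without '-h' a symlink operand is already dereferenced, so 'chgrp -L 0 /sbin/auditctl' behaves the same as 'chgrp 0 /sbin/auditctl'. If the goal is to change the link target, the old lines already did that; if the goal is to refuse to follow a link on these audit binaries, the option needed is '-h' (--no-dereference) or an explicit test that the path is not a symlink. It is also worth confirming that this change belongs in this PR: the description talks about removing iptables-persistent when ufw is installed, not about ownership remediations.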
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_audit_tools_ownership' differs.
--- xccdf_org.ssgproject.content_rule_file_audit_tools_ownership
+++ xccdf_org.ssgproject.content_rule_file_audit_tools_ownership
@@ -1,13 +1,13 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
-chown 0 /sbin/auditctl
-chown 0 /sbin/aureport
-chown 0 /sbin/ausearch
-chown 0 /sbin/autrace
-chown 0 /sbin/auditd
-chown 0 /sbin/rsyslogd
-chown 0 /sbin/augenrules
+chown -L 0 /sbin/auditctl
+chown -L 0 /sbin/aureport
+chown -L 0 /sbin/ausearch
+chown -L 0 /sbin/autrace
+chown -L 0 /sbin/auditd
+chown -L 0 /sbin/rsyslogd
+chown -L 0 /sbin/augenrules
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_directory_groupowner_etc_sudoersd' differs.
--- xccdf_org.ssgproject.content_rule_directory_groupowner_etc_sudoersd
+++ xccdf_org.ssgproject.content_rule_directory_groupowner_etc_sudoersd
@@ -1 +1 @@
-find -H /etc/sudoers.d/ -maxdepth 1 -type d -exec chgrp root {} \;
+find -H /etc/sudoers.d/ -maxdepth 1 -L -type d -exec chgrp -L root {} \;
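Review bot: '-L' is in the wrong position in the new find command, after '-maxdepth 1'. GNU find accepts -H, -L and -P only before the first starting point; in expression position it is rejected as an unknown predicate, so this remediation would exit with an error and never reach chgrp. The command also already starts with '-H', and only the last of -H/-L/-P takes effect, so decide which one is wanted and put it directly after 'find'. With -L in force, '-type d' also matches symlinks that point to directories, which widens the set of paths whose group gets changed.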
bash remediation for rule 'xccdf_org.ssgproject.content_rule_directory_owner_etc_sudoersd' differs.
--- xccdf_org.ssgproject.content_rule_directory_owner_etc_sudoersd
+++ xccdf_org.ssgproject.content_rule_directory_owner_etc_sudoersd
@@ -1 +1 @@
-find -H /etc/sudoers.d/ -maxdepth 1 -type d -exec chown 0 {} \;
+find -H /etc/sudoers.d/ -maxdepth 1 -L -type d -exec chown -L 0 {} \;
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_etc_sudoers' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_etc_sudoers
+++ xccdf_org.ssgproject.content_rule_file_groupowner_etc_sudoers
@@ -1 +1 @@
-chgrp root /etc/sudoers
+chgrp -L root /etc/sudoers
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_etc_sudoers' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_etc_sudoers
+++ xccdf_org.ssgproject.content_rule_file_owner_etc_sudoers
@@ -1 +1 @@
-chown 0 /etc/sudoers
+chown -L 0 /etc/sudoers
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_etc_issue' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_etc_issue
+++ xccdf_org.ssgproject.content_rule_file_groupowner_etc_issue
@@ -1 +1 @@
-chgrp 0 /etc/issue
+chgrp -L 0 /etc/issue
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_etc_issue_net' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_etc_issue_net
+++ xccdf_org.ssgproject.content_rule_file_groupowner_etc_issue_net
@@ -1 +1 @@
-chgrp 0 /etc/issue.net
+chgrp -L 0 /etc/issue.net
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_etc_motd' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_etc_motd
+++ xccdf_org.ssgproject.content_rule_file_groupowner_etc_motd
@@ -1 +1 @@
-chgrp 0 /etc/motd
+chgrp -L 0 /etc/motd
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_etc_issue' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_etc_issue
+++ xccdf_org.ssgproject.content_rule_file_owner_etc_issue
@@ -1 +1 @@
-chown 0 /etc/issue
+chown -L 0 /etc/issue
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_etc_issue_net' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_etc_issue_net
+++ xccdf_org.ssgproject.content_rule_file_owner_etc_issue_net
@@ -1 +1 @@
-chown 0 /etc/issue.net
+chown -L 0 /etc/issue.net
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_etc_motd' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_etc_motd
+++ xccdf_org.ssgproject.content_rule_file_owner_etc_motd
@@ -1 +1 @@
-chown 0 /etc/motd
+chown -L 0 /etc/motd
New data stream adds ansible remediation for rule 'xccdf_org.ssgproject.content_rule_accounts_user_dot_no_world_writable_programs'.
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_grub2_cfg' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_grub2_cfg
+++ xccdf_org.ssgproject.content_rule_file_groupowner_grub2_cfg
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -d /sys/firmware/efi ] && rpm --quiet -q grub2-common && { [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; }; then
-chgrp 0 /boot/grub2/grub.cfg
+chgrp -L 0 /boot/grub2/grub.cfg
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_user_cfg' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_user_cfg
+++ xccdf_org.ssgproject.content_rule_file_groupowner_user_cfg
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -d /sys/firmware/efi ] && rpm --quiet -q grub2-common && { [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; }; then
-chgrp 0 /boot/grub2/user.cfg
+chgrp -L 0 /boot/grub2/user.cfg
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_grub2_cfg' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_grub2_cfg
+++ xccdf_org.ssgproject.content_rule_file_owner_grub2_cfg
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -d /sys/firmware/efi ] && rpm --quiet -q grub2-common && { [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; }; then
-chown 0 /boot/grub2/grub.cfg
+chown -L 0 /boot/grub2/grub.cfg
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_user_cfg' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_user_cfg
+++ xccdf_org.ssgproject.content_rule_file_owner_user_cfg
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -d /sys/firmware/efi ] && rpm --quiet -q grub2-common && { [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; }; then
-chown 0 /boot/grub2/user.cfg
+chown -L 0 /boot/grub2/user.cfg
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_efi_grub2_cfg' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_efi_grub2_cfg
+++ xccdf_org.ssgproject.content_rule_file_groupowner_efi_grub2_cfg
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ -d /sys/firmware/efi ] && rpm --quiet -q grub2-common && { [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; }; then
-chgrp 0 /boot/efi/EFI/redhat/grub.cfg
+chgrp -L 0 /boot/efi/EFI/redhat/grub.cfg
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_efi_user_cfg' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_efi_user_cfg
+++ xccdf_org.ssgproject.content_rule_file_groupowner_efi_user_cfg
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ -d /sys/firmware/efi ] && rpm --quiet -q grub2-common && { [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; }; then
-chgrp 0 /boot/efi/EFI/redhat/user.cfg
+chgrp -L 0 /boot/efi/EFI/redhat/user.cfg
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_efi_grub2_cfg' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_efi_grub2_cfg
+++ xccdf_org.ssgproject.content_rule_file_owner_efi_grub2_cfg
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ -d /sys/firmware/efi ] && rpm --quiet -q grub2-common && { [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; }; then
-chown 0 /boot/efi/EFI/redhat/grub.cfg
+chown -L 0 /boot/efi/EFI/redhat/grub.cfg
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_efi_user_cfg' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_efi_user_cfg
+++ xccdf_org.ssgproject.content_rule_file_owner_efi_user_cfg
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ -d /sys/firmware/efi ] && rpm --quiet -q grub2-common && { [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; }; then
-chown 0 /boot/efi/EFI/redhat/user.cfg
+chown -L 0 /boot/efi/EFI/redhat/user.cfg
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_directory_groupowner_etc_ipsecd' differs.
--- xccdf_org.ssgproject.content_rule_directory_groupowner_etc_ipsecd
+++ xccdf_org.ssgproject.content_rule_directory_groupowner_etc_ipsecd
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if rpm --quiet -q libreswan; then
-find -H /etc/ipsec.d/ -maxdepth 1 -type d -exec chgrp root {} \;
+find -H /etc/ipsec.d/ -maxdepth 1 -L -type d -exec chgrp -L root {} \;
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_directory_owner_etc_ipsecd' differs.
--- xccdf_org.ssgproject.content_rule_directory_owner_etc_ipsecd
+++ xccdf_org.ssgproject.content_rule_directory_owner_etc_ipsecd
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if rpm --quiet -q libreswan; then
-find -H /etc/ipsec.d/ -maxdepth 1 -type d -exec chown 0 {} \;
+find -H /etc/ipsec.d/ -maxdepth 1 -L -type d -exec chown -L 0 {} \;
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_etc_ipsec_conf' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_etc_ipsec_conf
+++ xccdf_org.ssgproject.content_rule_file_groupowner_etc_ipsec_conf
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if rpm --quiet -q libreswan; then
-chgrp root /etc/ipsec.conf
+chgrp -L root /etc/ipsec.conf
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_etc_ipsec_secrets' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_etc_ipsec_secrets
+++ xccdf_org.ssgproject.content_rule_file_groupowner_etc_ipsec_secrets
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if rpm --quiet -q libreswan; then
-chgrp root /etc/ipsec.secrets
+chgrp -L root /etc/ipsec.secrets
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_etc_ipsec_conf' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_etc_ipsec_conf
+++ xccdf_org.ssgproject.content_rule_file_owner_etc_ipsec_conf
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if rpm --quiet -q libreswan; then
-chown 0 /etc/ipsec.conf
+chown -L 0 /etc/ipsec.conf
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_etc_ipsec_secrets' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_etc_ipsec_secrets
+++ xccdf_org.ssgproject.content_rule_file_owner_etc_ipsec_secrets
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if rpm --quiet -q libreswan; then
-chown 0 /etc/ipsec.secrets
+chown -L 0 /etc/ipsec.secrets
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_directory_groupowner_etc_iptables' differs.
--- xccdf_org.ssgproject.content_rule_directory_groupowner_etc_iptables
+++ xccdf_org.ssgproject.content_rule_directory_groupowner_etc_iptables
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if rpm --quiet -q iptables; then
-find -H /etc/iptables/ -maxdepth 1 -type d -exec chgrp root {} \;
+find -H /etc/iptables/ -maxdepth 1 -L -type d -exec chgrp -L root {} \;
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_directory_owner_etc_iptables' differs.
--- xccdf_org.ssgproject.content_rule_directory_owner_etc_iptables
+++ xccdf_org.ssgproject.content_rule_directory_owner_etc_iptables
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if rpm --quiet -q iptables; then
-find -H /etc/iptables/ -maxdepth 1 -type d -exec chown 0 {} \;
+find -H /etc/iptables/ -maxdepth 1 -L -type d -exec chown -L 0 {} \;
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_directory_groupowner_etc_nftables' differs.
--- xccdf_org.ssgproject.content_rule_directory_groupowner_etc_nftables
+++ xccdf_org.ssgproject.content_rule_directory_groupowner_etc_nftables
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if rpm --quiet -q nftables; then
-find -H /etc/nftables/ -maxdepth 1 -type d -exec chgrp root {} \;
+find -H /etc/nftables/ -maxdepth 1 -L -type d -exec chgrp -L root {} \;
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_directory_owner_etc_nftables' differs.
--- xccdf_org.ssgproject.content_rule_directory_owner_etc_nftables
+++ xccdf_org.ssgproject.content_rule_directory_owner_etc_nftables
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if rpm --quiet -q nftables; then
-find -H /etc/nftables/ -maxdepth 1 -type d -exec chown 0 {} \;
+find -H /etc/nftables/ -maxdepth 1 -L -type d -exec chown -L 0 {} \;
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_etc_crypttab' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_etc_crypttab
+++ xccdf_org.ssgproject.content_rule_file_groupowner_etc_crypttab
@@ -1 +1 @@
-chgrp root /etc/crypttab
+chgrp -L root /etc/crypttab
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_systemmap' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_systemmap
+++ xccdf_org.ssgproject.content_rule_file_groupowner_systemmap
@@ -1,2 +1,2 @@
-find /boot/ -maxdepth 1 -type f ! -group root -regextype posix-extended -regex '^.*System\.map.*$' -exec chgrp root {} \;
+find /boot/ -maxdepth 1 -L -type f ! -group root -regextype posix-extended -regex '^.*System\.map.*$' -exec chgrp -L root {} \;
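Review bot: The same misplaced '-L' after '-maxdepth 1' appears here, and this command has no leading '-H', so the line goes from working to failing on an unknown predicate. If '-L' is instead moved in front of '/boot/', '-type f' starts matching symlinks whose target is a regular file and '! -group root' is evaluated against that target, so chgrp would then modify files that may live outside /boot. If that is not the intent, keep find in its default mode and keep the old line.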
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_etc_crypttab' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_etc_crypttab
+++ xccdf_org.ssgproject.content_rule_file_owner_etc_crypttab
@@ -1 +1 @@
-chown 0 /etc/crypttab
+chown -L 0 /etc/crypttab
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_systemmap' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_systemmap
+++ xccdf_org.ssgproject.content_rule_file_owner_systemmap
@@ -1,2 +1,2 @@
-find /boot/ -maxdepth 1 -type f ! -uid 0 -regextype posix-extended -regex '^.*System\.map.*$' -exec chown 0 {} \;
+find /boot/ -maxdepth 1 -L -type f ! -uid 0 -regextype posix-extended -regex '^.*System\.map.*$' -exec chown -L 0 {} \;
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_backup_etc_group' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_backup_etc_group
+++ xccdf_org.ssgproject.content_rule_file_groupowner_backup_etc_group
@@ -1 +1 @@
-chgrp 0 /etc/group-
+chgrp -L 0 /etc/group-
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_backup_etc_gshadow' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_backup_etc_gshadow
+++ xccdf_org.ssgproject.content_rule_file_groupowner_backup_etc_gshadow
@@ -1 +1 @@
-chgrp 0 /etc/gshadow-
+chgrp -L 0 /etc/gshadow-
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_backup_etc_passwd' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_backup_etc_passwd
+++ xccdf_org.ssgproject.content_rule_file_groupowner_backup_etc_passwd
@@ -1 +1 @@
-chgrp 0 /etc/passwd-
+chgrp -L 0 /etc/passwd-
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_backup_etc_shadow' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_backup_etc_shadow
+++ xccdf_org.ssgproject.content_rule_file_groupowner_backup_etc_shadow
@@ -1 +1 @@
-chgrp 0 /etc/shadow-
+chgrp -L 0 /etc/shadow-
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_etc_group' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_etc_group
+++ xccdf_org.ssgproject.content_rule_file_groupowner_etc_group
@@ -1 +1 @@
-chgrp 0 /etc/group
+chgrp -L 0 /etc/group
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_etc_gshadow' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_etc_gshadow
+++ xccdf_org.ssgproject.content_rule_file_groupowner_etc_gshadow
@@ -1 +1 @@
-chgrp 0 /etc/gshadow
+chgrp -L 0 /etc/gshadow
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_etc_passwd' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_etc_passwd
+++ xccdf_org.ssgproject.content_rule_file_groupowner_etc_passwd
@@ -1 +1 @@
-chgrp 0 /etc/passwd
+chgrp -L 0 /etc/passwd
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_etc_shadow' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_etc_shadow
+++ xccdf_org.ssgproject.content_rule_file_groupowner_etc_shadow
@@ -1 +1 @@
-chgrp 0 /etc/shadow
+chgrp -L 0 /etc/shadow
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_etc_shells' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_etc_shells
+++ xccdf_org.ssgproject.content_rule_file_groupowner_etc_shells
@@ -1 +1 @@
-chgrp 0 /etc/shells
+chgrp -L 0 /etc/shells
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_backup_etc_group' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_backup_etc_group
+++ xccdf_org.ssgproject.content_rule_file_owner_backup_etc_group
@@ -1 +1 @@
-chown 0 /etc/group-
+chown -L 0 /etc/group-
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_backup_etc_gshadow' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_backup_etc_gshadow
+++ xccdf_org.ssgproject.content_rule_file_owner_backup_etc_gshadow
@@ -1 +1 @@
-chown 0 /etc/gshadow-
+chown -L 0 /etc/gshadow-
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_backup_etc_passwd' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_backup_etc_passwd
+++ xccdf_org.ssgproject.content_rule_file_owner_backup_etc_passwd
@@ -1 +1 @@
-chown 0 /etc/passwd-
+chown -L 0 /etc/passwd-
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_backup_etc_shadow' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_backup_etc_shadow
+++ xccdf_org.ssgproject.content_rule_file_owner_backup_etc_shadow
@@ -1 +1 @@
-chown 0 /etc/shadow-
+chown -L 0 /etc/shadow-
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_etc_group' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_etc_group
+++ xccdf_org.ssgproject.content_rule_file_owner_etc_group
@@ -1 +1 @@
-chown 0 /etc/group
+chown -L 0 /etc/group
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_etc_gshadow' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_etc_gshadow
+++ xccdf_org.ssgproject.content_rule_file_owner_etc_gshadow
@@ -1 +1 @@
-chown 0 /etc/gshadow
+chown -L 0 /etc/gshadow
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_etc_passwd' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_etc_passwd
+++ xccdf_org.ssgproject.content_rule_file_owner_etc_passwd
@@ -1 +1 @@
-chown 0 /etc/passwd
+chown -L 0 /etc/passwd
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_etc_shadow' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_etc_shadow
+++ xccdf_org.ssgproject.content_rule_file_owner_etc_shadow
@@ -1 +1 @@
-chown 0 /etc/shadow
+chown -L 0 /etc/shadow
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_etc_shells' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_etc_shells
+++ xccdf_org.ssgproject.content_rule_file_owner_etc_shells
@@ -1 +1 @@
-chown 0 /etc/shells
+chown -L 0 /etc/shells
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_var_log' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_var_log
+++ xccdf_org.ssgproject.content_rule_file_groupowner_var_log
@@ -1 +1 @@
-find -H /var/log/ -maxdepth 1 -type d -exec chgrp 0 {} \;
+find -H /var/log/ -maxdepth 1 -L -type d -exec chgrp -L 0 {} \;
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_var_log_messages' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_var_log_messages
+++ xccdf_org.ssgproject.content_rule_file_groupowner_var_log_messages
@@ -1 +1 @@
-chgrp 0 /var/log/messages
+chgrp -L 0 /var/log/messages
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_var_log_syslog' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_var_log_syslog
+++ xccdf_org.ssgproject.content_rule_file_groupowner_var_log_syslog
@@ -1 +1 @@
-chgrp 4 /var/log/syslog
+chgrp -L 4 /var/log/syslog
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_var_log' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_var_log
+++ xccdf_org.ssgproject.content_rule_file_owner_var_log
@@ -1 +1 @@
-find -H /var/log/ -maxdepth 1 -type d -exec chown 0 {} \;
+find -H /var/log/ -maxdepth 1 -L -type d -exec chown -L 0 {} \;
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_var_log_messages' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_var_log_messages
+++ xccdf_org.ssgproject.content_rule_file_owner_var_log_messages
@@ -1 +1 @@
-chown 0 /var/log/messages
+chown -L 0 /var/log/messages
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_var_log_syslog' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_var_log_syslog
+++ xccdf_org.ssgproject.content_rule_file_owner_var_log_syslog
@@ -1 +1 @@
-chown 104 /var/log/syslog
+chown -L 104 /var/log/syslog
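Review bot: The owner stays hard-coded as numeric UID 104 on both the old and the new line. UIDs for system accounts are allocated when the account is created and are not guaranteed to match across hosts, so 104 can name a different account than the rule intends; resolving the expected account by name in the remediation would be safer. The '-L' added here changes nothing without -R.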
bash remediation for rule 'xccdf_org.ssgproject.content_rule_dir_group_ownership_library_dirs' differs.
--- xccdf_org.ssgproject.content_rule_dir_group_ownership_library_dirs
+++ xccdf_org.ssgproject.content_rule_dir_group_ownership_library_dirs
@@ -1,4 +1,4 @@
-find -H /lib/ -type d -exec chgrp 0 {} \;
-find -H /lib64/ -type d -exec chgrp 0 {} \;
-find -H /usr/lib/ -type d -exec chgrp 0 {} \;
-find -H /usr/lib64/ -type d -exec chgrp 0 {} \;
+find -H /lib/ -type d -exec chgrp -L 0 {} \;
+find -H /lib64/ -type d -exec chgrp -L 0 {} \;
+find -H /usr/lib/ -type d -exec chgrp -L 0 {} \;
+find -H /usr/lib64/ -type d -exec chgrp -L 0 {} \;
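Review bot: These four lines add '-L' only to chgrp and leave find as 'find -H ... -type d', while the /etc/sudoers.d/ and /etc/ipsec.d/ directory rules in the same diff also gain a '-L' inside the find expression. Whatever symlink handling the change intends should be applied the same way to every directory rule. As written, 'chgrp -L' without -R is a no-op, so these four commands behave exactly as before.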
bash remediation for rule 'xccdf_org.ssgproject.content_rule_dir_ownership_binary_dirs' differs.
--- xccdf_org.ssgproject.content_rule_dir_ownership_binary_dirs
+++ xccdf_org.ssgproject.content_rule_dir_ownership_binary_dirs
@@ -1,6 +1,6 @@
-find -H /bin/ -type d -exec chown 0 {} \;
-find -H /sbin/ -type d -exec chown 0 {} \;
-find -H /usr/bin/ -type d -exec chown 0 {} \;
-find -H /usr/sbin/ -type d -exec chown 0 {} \;
-find -H /usr/local/bin/ -type d -exec chown 0 {} \;
-find -H /usr/local/sbin/ -type d -exec chown 0 {} \;
+find -H /bin/ -type d -exec chown -L 0 {} \;
+find -H /sbin/ -type d -exec chown -L 0 {} \;
+find -H /usr/bin/ -type d -exec chown -L 0 {} \;
+find -H /usr/sbin/ -type d -exec chown -L 0 {} \;
+find -H /usr/local/bin/ -type d -exec chown -L 0 {} \;
+find -H /usr/local/sbin/ -type d -exec chown -L 0 {} \;
bash remediation for rule 'xccdf_org.ssgproject.content_rule_dir_ownership_library_dirs' differs.
--- xccdf_org.ssgproject.content_rule_dir_ownership_library_dirs
+++ xccdf_org.ssgproject.content_rule_dir_ownership_library_dirs
@@ -1,4 +1,4 @@
-find -H /lib/ -type d -exec chown 0 {} \;
-find -H /lib64/ -type d -exec chown 0 {} \;
-find -H /usr/lib/ -type d -exec chown 0 {} \;
-find -H /usr/lib64/ -type d -exec chown 0 {} \;
+find -H /lib/ -type d -exec chown -L 0 {} \;
+find -H /lib64/ -type d -exec chown -L 0 {} \;
+find -H /usr/lib/ -type d -exec chown -L 0 {} \;
+find -H /usr/lib64/ -type d -exec chown -L 0 {} \;
bash remediation for rule 'xccdf_org.ssgproject.content_rule_directory_groupowner_etc_sysctld' differs.
--- xccdf_org.ssgproject.content_rule_directory_groupowner_etc_sysctld
+++ xccdf_org.ssgproject.content_rule_directory_groupowner_etc_sysctld
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
-find -H /etc/sysctl.d/ -maxdepth 1 -type d -exec chgrp root {} \;
+find -H /etc/sysctl.d/ -maxdepth 1 -L -type d -exec chgrp -L root {} \;
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_directory_owner_etc_sysctld' differs.
--- xccdf_org.ssgproject.content_rule_directory_owner_etc_sysctld
+++ xccdf_org.ssgproject.content_rule_directory_owner_etc_sysctld
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
-find -H /etc/sysctl.d/ -maxdepth 1 -type d -exec chown 0 {} \;
+find -H /etc/sysctl.d/ -maxdepth 1 -L -type d -exec chown -L 0 {} \;
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupownership_audit_binaries' differs.
--- xccdf_org.ssgproject.content_rule_file_groupownership_audit_binaries
+++ xccdf_org.ssgproject.content_rule_file_groupownership_audit_binaries
@@ -1,7 +1,7 @@
-chgrp 0 /sbin/auditctl
-chgrp 0 /sbin/aureport
-chgrp 0 /sbin/ausearch
-chgrp 0 /sbin/autrace
-chgrp 0 /sbin/auditd
-chgrp 0 /sbin/audispd
-chgrp 0 /sbin/augenrules
+chgrp -L 0 /sbin/auditctl
+chgrp -L 0 /sbin/aureport
+chgrp -L 0 /sbin/ausearch
+chgrp -L 0 /sbin/autrace
+chgrp -L 0 /sbin/auditd
+chgrp -L 0 /sbin/audispd
+chgrp -L 0 /sbin/augenrules
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_ownership_audit_binaries' differs.
--- xccdf_org.ssgproject.content_rule_file_ownership_audit_binaries
+++ xccdf_org.ssgproject.content_rule_file_ownership_audit_binaries
@@ -1,7 +1,7 @@
-chown 0 /sbin/auditctl
-chown 0 /sbin/aureport
-chown 0 /sbin/ausearch
-chown 0 /sbin/autrace
-chown 0 /sbin/auditd
-chown 0 /sbin/audispd
-chown 0 /sbin/augenrules
+chown -L 0 /sbin/auditctl
+chown -L 0 /sbin/aureport
+chown -L 0 /sbin/ausearch
+chown -L 0 /sbin/autrace
+chown -L 0 /sbin/auditd
+chown -L 0 /sbin/audispd
+chown -L 0 /sbin/augenrules
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_ownership_library_dirs' differs.
--- xccdf_org.ssgproject.content_rule_file_ownership_library_dirs
+++ xccdf_org.ssgproject.content_rule_file_ownership_library_dirs
@@ -1,8 +1,8 @@
-find /lib/ -type f ! -uid 0 -regextype posix-extended -regex '^.*$' -exec chown 0 {} \;
+find /lib/ -type f ! -uid 0 -regextype posix-extended -regex '^.*$' -exec chown -L 0 {} \;
-find /lib64/ -type f ! -uid 0 -regextype posix-extended -regex '^.*$' -exec chown 0 {} \;
+find /lib64/ -type f ! -uid 0 -regextype posix-extended -regex '^.*$' -exec chown -L 0 {} \;
-find /usr/lib/ -type f ! -uid 0 -regextype posix-extended -regex '^.*$' -exec chown 0 {} \;
+find /usr/lib/ -type f ! -uid 0 -regextype posix-extended -regex '^.*$' -exec chown -L 0 {} \;
-find /usr/lib64/ -type f ! -uid 0 -regextype posix-extended -regex '^.*$' -exec chown 0 {} \;
+find /usr/lib64/ -type f ! -uid 0 -regextype posix-extended -regex '^.*$' -exec chown -L 0 {} \;
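Review bot: With 'find /lib/ -type f' running in its default mode, symlinks never match, so every path handed to chown is a regular file and the new '-L' cannot change the outcome. Drop it from these four lines, or state in the rule what symlink handling is intended and implement that in find. Since these trees are large, ending the action with '{} +' instead of '{} \;' would also avoid starting one chown process per file.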
bash remediation for rule 'xccdf_org.ssgproject.content_rule_root_permissions_syslibrary_files' differs.
--- xccdf_org.ssgproject.content_rule_root_permissions_syslibrary_files
+++ xccdf_org.ssgproject.content_rule_root_permissions_syslibrary_files
@@ -1,8 +1,8 @@
-find /lib/ -type f ! -group 0 -regextype posix-extended -regex '^.*$' -exec chgrp 0 {} \;
+find /lib/ -type f ! -group 0 -regextype posix-extended -regex '^.*$' -exec chgrp -L 0 {} \;
-find /lib64/ -type f ! -group 0 -regextype posix-extended -regex '^.*$' -exec chgrp 0 {} \;
+find /lib64/ -type f ! -group 0 -regextype posix-extended -regex '^.*$' -exec chgrp -L 0 {} \;
-find /usr/lib/ -type f ! -group 0 -regextype posix-extended -regex '^.*$' -exec chgrp 0 {} \;
+find /usr/lib/ -type f ! -group 0 -regextype posix-extended -regex '^.*$' -exec chgrp -L 0 {} \;
-find /usr/lib64/ -type f ! -group 0 -regextype posix-extended -regex '^.*$' -exec chgrp 0 {} \;
+find /usr/lib64/ -type f ! -group 0 -regextype posix-extended -regex '^.*$' -exec chgrp -L 0 {} \;
bash remediation for rule 'xccdf_org.ssgproject.content_rule_directory_groupowner_etc_selinux' differs.
--- xccdf_org.ssgproject.content_rule_directory_groupowner_etc_selinux
+++ xccdf_org.ssgproject.content_rule_directory_groupowner_etc_selinux
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
-find -H /etc/selinux/ -maxdepth 1 -type d -exec chgrp root {} \;
+find -H /etc/selinux/ -maxdepth 1 -L -type d -exec chgrp -L root {} \;
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_directory_owner_etc_selinux' differs.
--- xccdf_org.ssgproject.content_rule_directory_owner_etc_selinux
+++ xccdf_org.ssgproject.content_rule_directory_owner_etc_selinux
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
-find -H /etc/selinux/ -maxdepth 1 -type d -exec chown 0 {} \;
+find -H /etc/selinux/ -maxdepth 1 -L -type d -exec chown -L 0 {} \;
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_etc_sestatus_conf' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_etc_sestatus_conf
+++ xccdf_org.ssgproject.content_rule_file_groupowner_etc_sestatus_conf
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
-chgrp root /etc/sestatus.conf
+chgrp -L root /etc/sestatus.conf
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_etc_sestatus_conf' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_etc_sestatus_conf
+++ xccdf_org.ssgproject.content_rule_file_owner_etc_sestatus_conf
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
-chown 0 /etc/sestatus.conf
+chown -L 0 /etc/sestatus.conf
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_cron_d' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_cron_d
+++ xccdf_org.ssgproject.content_rule_file_groupowner_cron_d
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
-find -H /etc/cron.d/ -maxdepth 1 -type d -exec chgrp 0 {} \;
+find -H /etc/cron.d/ -maxdepth 1 -L -type d -exec chgrp -L 0 {} \;
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_cron_daily' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_cron_daily
+++ xccdf_org.ssgproject.content_rule_file_groupowner_cron_daily
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
-find -H /etc/cron.daily/ -maxdepth 1 -type d -exec chgrp 0 {} \;
+find -H /etc/cron.daily/ -maxdepth 1 -L -type d -exec chgrp -L 0 {} \;
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_cron_hourly' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_cron_hourly
+++ xccdf_org.ssgproject.content_rule_file_groupowner_cron_hourly
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
-find -H /etc/cron.hourly/ -maxdepth 1 -type d -exec chgrp 0 {} \;
+find -H /etc/cron.hourly/ -maxdepth 1 -L -type d -exec chgrp -L 0 {} \;
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_cron_monthly' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_cron_monthly
+++ xccdf_org.ssgproject.content_rule_file_groupowner_cron_monthly
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
-find -H /etc/cron.monthly/ -maxdepth 1 -type d -exec chgrp 0 {} \;
+find -H /etc/cron.monthly/ -maxdepth 1 -L -type d -exec chgrp -L 0 {} \;
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_cron_weekly' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_cron_weekly
+++ xccdf_org.ssgproject.content_rule_file_groupowner_cron_weekly
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
-find -H /etc/cron.weekly/ -maxdepth 1 -type d -exec chgrp 0 {} \;
+find -H /etc/cron.weekly/ -maxdepth 1 -L -type d -exec chgrp -L 0 {} \;
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_crontab' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_crontab
+++ xccdf_org.ssgproject.content_rule_file_groupowner_crontab
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
-chgrp 0 /etc/crontab
+chgrp -L 0 /etc/crontab
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_cron_d' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_cron_d
+++ xccdf_org.ssgproject.content_rule_file_owner_cron_d
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
-find -H /etc/cron.d/ -maxdepth 1 -type d -exec chown 0 {} \;
+find -H /etc/cron.d/ -maxdepth 1 -L -type d -exec chown -L 0 {} \;
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_cron_daily' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_cron_daily
+++ xccdf_org.ssgproject.content_rule_file_owner_cron_daily
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
-find -H /etc/cron.daily/ -maxdepth 1 -type d -exec chown 0 {} \;
+find -H /etc/cron.daily/ -maxdepth 1 -L -type d -exec chown -L 0 {} \;
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_cron_hourly' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_cron_hourly
+++ xccdf_org.ssgproject.content_rule_file_owner_cron_hourly
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
-find -H /etc/cron.hourly/ -maxdepth 1 -type d -exec chown 0 {} \;
+find -H /etc/cron.hourly/ -maxdepth 1 -L -type d -exec chown -L 0 {} \;
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_cron_monthly' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_cron_monthly
+++ xccdf_org.ssgproject.content_rule_file_owner_cron_monthly
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
-find -H /etc/cron.monthly/ -maxdepth 1 -type d -exec chown 0 {} \;
+find -H /etc/cron.monthly/ -maxdepth 1 -L -type d -exec chown -L 0 {} \;
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_cron_weekly' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_cron_weekly
+++ xccdf_org.ssgproject.content_rule_file_owner_cron_weekly
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
-find -H /etc/cron.weekly/ -maxdepth 1 -type d -exec chown 0 {} \;
+find -H /etc/cron.weekly/ -maxdepth 1 -L -type d -exec chown -L 0 {} \;
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_crontab' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_crontab
+++ xccdf_org.ssgproject.content_rule_file_owner_crontab
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
-chown 0 /etc/crontab
+chown -L 0 /etc/crontab
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_at_allow' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_at_allow
+++ xccdf_org.ssgproject.content_rule_file_groupowner_at_allow
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
-chgrp 0 /etc/at.allow
+chgrp -L 0 /etc/at.allow
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_cron_allow' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_cron_allow
+++ xccdf_org.ssgproject.content_rule_file_groupowner_cron_allow
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
-chgrp 0 /etc/cron.allow
+chgrp -L 0 /etc/cron.allow
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_cron_allow' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_cron_allow
+++ xccdf_org.ssgproject.content_rule_file_owner_cron_allow
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
-chown 0 /etc/cron.allow
+chown -L 0 /etc/cron.allow
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_etc_chrony_keys' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_etc_chrony_keys
+++ xccdf_org.ssgproject.content_rule_file_groupowner_etc_chrony_keys
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
-chgrp root /etc/chrony.keys
+chgrp -L root /etc/chrony.keys
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_etc_chrony_keys' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_etc_chrony_keys
+++ xccdf_org.ssgproject.content_rule_file_owner_etc_chrony_keys
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
-chown 0 /etc/chrony.keys
+chown -L 0 /etc/chrony.keys
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_sshd_config' differs.
--- xccdf_org.ssgproject.content_rule_file_groupowner_sshd_config
+++ xccdf_org.ssgproject.content_rule_file_groupowner_sshd_config
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
-chgrp 0 /etc/ssh/sshd_config
+chgrp -L 0 /etc/ssh/sshd_config
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupownership_sshd_private_key' differs.
--- xccdf_org.ssgproject.content_rule_file_groupownership_sshd_private_key
+++ xccdf_org.ssgproject.content_rule_file_groupownership_sshd_private_key
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
-find /etc/ssh/ -maxdepth 1 -type f ! -group ssh_keys -regextype posix-extended -regex '^.*_key$' -exec chgrp ssh_keys {} \;
+find /etc/ssh/ -maxdepth 1 -L -type f ! -group ssh_keys -regextype posix-extended -regex '^.*_key$' -exec chgrp -L ssh_keys {} \;
else
>&2 echo 'Remediation is not applicable, nothing was done'
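Review bot: Once `-L` is moved in front of `/etc/ssh/` so that find accepts it, `-type f` is evaluated against the link target while the `'^.*_key$'` regex is still matched against the link's own name, so `chgrp ssh_keys` can land on a file that lives outside `/etc/ssh/`. That widening of scope should be documented in the template and covered by a test scenario with a symlinked key. Consider resolving each match and checking that it stays under `/etc/ssh/` before changing its group.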
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupownership_sshd_pub_key' differs.
--- xccdf_org.ssgproject.content_rule_file_groupownership_sshd_pub_key
+++ xccdf_org.ssgproject.content_rule_file_groupownership_sshd_pub_key
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
-find /etc/ssh/ -maxdepth 1 -type f ! -group 0 -regextype posix-extended -regex '^.*\.pub$' -exec chgrp 0 {} \;
+find /etc/ssh/ -maxdepth 1 -L -type f ! -group 0 -regextype posix-extended -regex '^.*\.pub$' -exec chgrp -L 0 {} \;
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_owner_sshd_config' differs.
--- xccdf_org.ssgproject.content_rule_file_owner_sshd_config
+++ xccdf_org.ssgproject.content_rule_file_owner_sshd_config
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
-chown 0 /etc/ssh/sshd_config
+chown -L 0 /etc/ssh/sshd_config
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_ownership_sshd_private_key' differs.
--- xccdf_org.ssgproject.content_rule_file_ownership_sshd_private_key
+++ xccdf_org.ssgproject.content_rule_file_ownership_sshd_private_key
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
-find /etc/ssh/ -maxdepth 1 -type f ! -uid 0 -regextype posix-extended -regex '^.*_key$' -exec chown 0 {} \;
+find /etc/ssh/ -maxdepth 1 -L -type f ! -uid 0 -regextype posix-extended -regex '^.*_key$' -exec chown -L 0 {} \;
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_ownership_sshd_pub_key' differs.
--- xccdf_org.ssgproject.content_rule_file_ownership_sshd_pub_key
+++ xccdf_org.ssgproject.content_rule_file_ownership_sshd_pub_key
@@ -1,7 +1,7 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
-find /etc/ssh/ -maxdepth 1 -type f ! -uid 0 -regextype posix-extended -regex '^.*\.pub$' -exec chown 0 {} \;
+find /etc/ssh/ -maxdepth 1 -L -type f ! -uid 0 -regextype posix-extended -regex '^.*\.pub$' -exec chown -L 0 {} \;
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_groupownership_audit_configuration' differs.
--- xccdf_org.ssgproject.content_rule_file_groupownership_audit_configuration
+++ xccdf_org.ssgproject.content_rule_file_groupownership_audit_configuration
@@ -1,9 +1,9 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && rpm --quiet -q audit; then
-find /etc/audit/ -maxdepth 1 -type f ! -group 0 -regextype posix-extended -regex '^.*audit(\.rules|d\.conf)$' -exec chgrp 0 {} \;
+find /etc/audit/ -maxdepth 1 -L -type f ! -group 0 -regextype posix-extended -regex '^.*audit(\.rules|d\.conf)$' -exec chgrp -L 0 {} \;
-find /etc/audit/rules.d/ -maxdepth 1 -type f ! -group 0 -regextype posix-extended -regex '^.*\.rules$' -exec chgrp 0 {} \;
+find /etc/audit/rules.d/ -maxdepth 1 -L -type f ! -group 0 -regextype posix-extended -regex '^.*\.rules$' -exec chgrp -L 0 {} \;
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_file_ownership_audit_configuration' differs.
--- xccdf_org.ssgproject.content_rule_file_ownership_audit_configuration
+++ xccdf_org.ssgproject.content_rule_file_ownership_audit_configuration
@@ -1,9 +1,9 @@
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && rpm --quiet -q audit; then
-find /etc/audit/ -maxdepth 1 -type f ! -uid 0 -regextype posix-extended -regex '^.*audit(\.rules|d\.conf)$' -exec chown 0 {} \;
+find /etc/audit/ -maxdepth 1 -L -type f ! -uid 0 -regextype posix-extended -regex '^.*audit(\.rules|d\.conf)$' -exec chown -L 0 {} \;
-find /etc/audit/rules.d/ -maxdepth 1 -type f ! -uid 0 -regextype posix-extended -regex '^.*\.rules$' -exec chown 0 {} \;
+find /etc/audit/rules.d/ -maxdepth 1 -L -type f ! -uid 0 -regextype posix-extended -regex '^.*\.rules$' -exec chown -L 0 {} \;
else
>&2 echo 'Remediation is not applicable, nothing was done'
bash remediation for rule 'xccdf_org.ssgproject.content_rule_audit_rules_login_events' differs.
--- xccdf_org.ssgproject.content_rule_audit_rules_login_events
+++ xccdf_org.ssgproject.content_rule_audit_rules_login_events
@@ -2,7 +2,7 @@
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && rpm --quiet -q audit; then
# Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
-
+echo hello
var_accounts_passwords_pam_faillock_dir=''
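Review bot: `+echo hello` in the `audit_rules_login_events` remediation looks like leftover debug output: it replaces a blank line, is unrelated to the ownership changes in the rest of this diff, and would print on every remediation run. Remove it before merge.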
…th_test Disable service_enabled templated test for service_bluetooth_disabled
…ases Add through Fedora 45 for Fedora CPEs
For accounts_user_dot_no_world_writable_programs rule Signed-off-by: Armando Acosta <[email protected]>
Remove references for stig id's OL08-00-020220 OL08-00-010001 OL08-00-020221 Update stig profile version Signed-off-by: Armando Acosta <[email protected]>
Signed-off-by: Armando Acosta <[email protected]>
Update OL8 DISA STIG v2r1
…/passwd' to support SLE Micro 5
…dabot/github_actions/docker/build-push-action-6.5.0 Bump docker/build-push-action from 6.4.1 to 6.5.0
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.2.0 to 3.3.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@0d4c9c5...9780b0c) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
…dabot/github_actions/docker/setup-qemu-action-3.2.0 Bump docker/setup-qemu-action from 3.1.0 to 3.2.0
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.4.0 to 3.5.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@4fd8129...aa33708) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
…dabot/github_actions/docker/login-action-3.3.0 Bump docker/login-action from 3.2.0 to 3.3.0
…n_files_for_4.12 Add profile assertion files for OCP 4.12
…rofile-session-timeout OSPP profile, use Logind session timeout feature instead of tmux
…dabot/github_actions/docker/setup-buildx-action-3.5.0 Bump docker/setup-buildx-action from 3.4.0 to 3.5.0
…bash Adjust bash template (group)file_owner to follow symlinks
Bumps [mikepenz/release-changelog-builder-action](https://github.com/mikepenz/release-changelog-builder-action) from 4.2.2 to 5. - [Release notes](https://github.com/mikepenz/release-changelog-builder-action/releases) - [Commits](mikepenz/release-changelog-builder-action@32e3c96...c7b3b6d) --- updated-dependencies: - dependency-name: mikepenz/release-changelog-builder-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
…_0_1_74 Update Contributors for v0.1.74
…dabot/github_actions/mikepenz/release-changelog-builder-action-5 Bump mikepenz/release-changelog-builder-action from 4.2.2 to 5
ae346ff
to
3272832
Compare
Change in Ansible Please consider using more suitable Ansible module than |
Description:
Rationale:
Rationale here. Replace this text. Don't use the italics format!
Fixes # Issue number here (e.g. Updating sysctl XCCDF naming ComplianceAsCode/content#26) or remove this line if no issue exists.
Review Hints:
Review hints here. Replace this text. Don't use the italics format!
Use this optional section to give any relevant information which could help the reviewer to more quickly and assertively understand and test the changes.
Good examples are useful commands, if it is better to review all commits together or in a suggested sequence, any relevant discussion in other PRs or issues, etc.