Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add SINGLE and PROMPT parameters. #92

Merged
merged 2 commits into from
Nov 24, 2015
Merged

Add SINGLE and PROMPT parameters. #92

merged 2 commits into from
Nov 24, 2015

Conversation

foonix
Copy link
Contributor

@foonix foonix commented Oct 12, 2015

Changing settings for SINGLE and PROMPT is required for CIS 1.5.4 - 1.5.5. This PR enables these to be set and sets the recommended settings by default.

@foonix foonix closed this Oct 22, 2015
@foonix foonix reopened this Oct 22, 2015
@chris-rock
Copy link
Member

great addition @foonix We had some troubles with latest travis tests. We fixed those in our latest master. Could you rebase your branch please?

@foonix foonix force-pushed the sysconfig-init-parameters branch from e356e20 to 3a71caa Compare October 28, 2015 14:35
@foonix
Copy link
Contributor Author

foonix commented Oct 28, 2015

Done, thanks!

chris-rock
chris-rock reviewed Nov 19, 2015
View reviewed changes
templates/default/rhel_sysconfig_init.erb
@@ -21,14 +21,14 @@ SETCOLOR_WARNING="echo -en \\033[0;33m"
# terminal sequence to reset to the default color.
SETCOLOR_NORMAL="echo -en \\033[0;39m"
# Set to anything other than 'no' to allow hotkey interactive startup...
PROMPT=yes
PROMPT=<%= @prompt ? 'yes' : 'no' %>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you changed the default from yes to no, is that intentional?

@foonix
Copy link
Contributor Author

foonix commented Nov 20, 2015

The CIS recommendations for server hardening are to set PROMPT=no and SINGLE=/sbin/sulogin. Would you like to switch back to the OS default? It's not a problem for me but it seemed the more secure settings would be good for defaults.

@chris-rock
Copy link
Member

@foonix I would like to make this a two step approach. First, add the flexibility, Second activate it. I'd like to ensure that we change behavior with the required version bump. Does that make any sense?

@foonix
Copy link
Contributor Author

foonix commented Nov 23, 2015

Thanks for the feedback. Done and done.

@chris-rock
Copy link
Member

@foonix Great work. Thank you very much!

chris-rock added a commit that referenced this pull request Nov 24, 2015
@chris-rock
Merge pull request #92 from foonix/sysconfig-init-parameters
bbd8e4a 
Add SINGLE and PROMPT parameters.
@chris-rock chris-rock merged commit bbd8e4a into dev-sec:master Nov 24, 2015
rndmh3ro pushed a commit to dev-sec/ansible-collection-hardening that referenced this pull request Dec 20, 2015
add SINGLE and PROMPT parameters
8b4a92e 
see dev-sec/chef-os-hardening#92
@rndmh3ro rndmh3ro mentioned this pull request Dec 20, 2015
Merged
@foonix foonix deleted the sysconfig-init-parameters branch March 11, 2016 00:15
rollbrettler pushed a commit to rollbrettler/chef-os-hardening that referenced this pull request Sep 16, 2016
@arlimus
Merge pull request dev-sec#92 from hardening-io/notification
a82afd4 
remove old slack notification
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@foonix @chris-rock