-
Notifications
You must be signed in to change notification settings - Fork 729
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
intent of role? #121
Comments
The intention is to harden your server but it is done according to the inspec-baseline you linked. |
So it currently doesn't pass that spec. Is that just because it hasn't been completed yet? |
Where do you see its not passing? Looks good to me: https://travis-ci.org/dev-sec/ansible-os-hardening |
Hmm, I'm getting a different result. I'm also showing more tests:
I installed the role using: Then ran it against my server, then ran the inspec test and got the results above. Is that the correct process? |
I just noticed you are passing the --controls switch. When I mimic that, it does pass. Can you provide some clarification on why you don't run all controls? |
Sorry, I forgot to mention that there are missing sysctl-settings in the role. They are currently being added here: #120 The reason there are less (and no failing) tests in travis is, that there the sysctl-tests are missing there. That's because the travis tests run in docker, where you cannot easily set sysctl-parameter. |
Gotcha, so the idea is that eventually all specs will pass if run against a regular (non-docker) host? |
Yes, when the PR is merged, then all tests should pass! |
Great, thanks for the info! |
Add comment filter to {{ansible_managed}} string
Add comment filter to {{ansible_managed}} string
Is this role intended to make this spec(https://github.com/dev-sec/linux-baseline) pass? Just curious, since that repo links to this role but currently it does not pass that spec.
The text was updated successfully, but these errors were encountered: