Update readme, todo, changelog, vars #30
* This commit updates the readme in several ways.
* It adds a todo-list and a changelog.
* It deletes unused variables
@@ -36,15 +27,12 @@ os_security_suid_sgid_whitelist: [] | |||
os_security_suid_sgid_remove_from_unknown: false | |||
|
|||
# remove packages with known issues | |||
os_security_packages_clean: true | |||
os_security_packages_clean: false |
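Review bot: The default for os_security_packages_clean at the end of this hunk goes from true to false with nothing in the file saying why, and the comment directly above it still reads "remove packages with known issues", which no longer describes the default behaviour. Either keep the value at true, or reword that comment and record the changed default in the readme and changelog so users know package removal has to be switched on explicitly.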
@rndmh3ro Is there any reason why we set this value to false? I admit we do not have great test coverage in our specs for package removal yet.
Well, I read this comment here: dev-sec/chef-os-hardening#12 (comment)
But I just checked, in the chef-os-hardening cookbook, the variable is set to true. So I'll set it to true here, too.
Oh, I get the confusion. The implementation discusses a default setting to false, but we ultimately decided to keep the true default. See https://github.com/hardening-io/chef-os-hardening/pull/12/files#diff-25e5d4a4446ae12a0d6f1162b6160375R81
I add a ticket to the test to make this more explicit, because it is confusing indeed.
Thank you very much @rndmh3ro
Change oneliner if-statements to be more readable
make mysql daemon enabling configurable
* fix linting issues Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * set file permissions Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
os_security_packages_clean
to false so no packages get uninstalled by default.