Update readme, todo, changelog, vars #30
Conversation
* This commit updates the readme in several ways. * It adds a todo-list and a changelog. * It deletes unused variables
| @@ -36,15 +27,12 @@ os_security_suid_sgid_whitelist: [] | |||
| os_security_suid_sgid_remove_from_unknown: false | |||
|
|
|||
| # remove packages with known issues | |||
| os_security_packages_clean: true | |||
| os_security_packages_clean: false | |||
There was a problem hiding this comment.
@rndmh3ro Is there any reason, why we set this value to false? I admit we do not have a great test coverage in our specs for package removal yet.
There was a problem hiding this comment.
Well, I read this comment here: dev-sec/chef-os-hardening#12 (comment)
But I just checked, in the chef-os-hardening cookbook, the variable is set to true. So I'll set it to true here, too.
There was a problem hiding this comment.
Oh, I get the confusion. The implementation discusses a default setting to false, but we ultimately decided to keep true default. See https://github.com/hardening-io/chef-os-hardening/pull/12/files#diff-25e5d4a4446ae12a0d6f1162b6160375R81
I add a ticket to the test to make this more explicit, because it is confusing indeed.
Update readme, todo, changelog, vars
|
Thank you very much @rndmh3ro |
Change oneliner if-statements to be more readable
make mysql daemon enabling configurable
* fix linting issues Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * set file permissions Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
Change oneliner if-statements to be more readable
make mysql daemon enabling configurable
* fix linting issues Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * set file permissions Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
os_security_packages_cleanto false so no packages get uninstalled by default.