Marc Chamberland
@bobchaos
if I'm being perfectly honest, I had no clue what I was doing and just following github's instructions on that one XD I'm going to be doing some reading tonight
Artem Sidorenko
@artem-sidorenko
:-) it's completely okay, we are here to help, just feel free to ask
Marc Chamberland
@bobchaos
the git job is a mess but at least I think you'll like the actual implementation, it handles all possible values as strings OR TrueClass/FalseClass and has the decency to abort the run if you're passing bad values
anyhow, I'm headed home but I'll pick this up tomorrow morning
thx for your help!
Artem Sidorenko
@artem-sidorenko
sounds good!
Artem Sidorenko
@artem-sidorenko
@bobchaos regarding cookstyle and rubocop, you are completely right. We still use the older rubocop version, cookstyle 3 relies on the rubocop 0.55.0 and we have 0.49.1. I created dev-sec/chef-ssh-hardening#210 to address that issue
if you want to do the validation locally, please do it via bundle install ; bundle exec rubocop or similar ways
Marc Chamberland
@bobchaos
Morning @artem-sidorenko I've reopened a PR and leaving it as is for now but it has some issues, just let me know what needs to be done and I'll fix it. I'ma keep an eye on this channel throughout the day
Artem Sidorenko
@artem-sidorenko

@bobchaos good evening :) Can you please add sign-off to your commit?

git commit --amend --signoff
git push --force

in your local clone and branch

and can you please rebase the entire PR on the latest master to resolve the conflict? https://github.com/edx/edx-platform/wiki/How-to-Rebase-a-Pull-Request#perform-a-rebase
Marc Chamberland
@bobchaos
should I squash or plain old rebase?
Artem Sidorenko
@artem-sidorenko
please do not squash, just rebase on the latest master
and resolve the conflict during the rebase
conflict resolution works similar to the conflicts during a merge:
  • you fix the lines in the file, then
  • git add [conflicting file]
  • git rebase --continue
Marc Chamberland
@bobchaos
in answer to your github comment, I can write inspec but not ChefSpec, but I don't mind taking a crack at it. Do we want tests for all possible values?
README fix, rubocop fixes, merge conflict resolution and rebase all pushed
Artem Sidorenko
@artem-sidorenko
@bobchaos thanks, it looks good. Basic logic check would be enough I think: true/false/ethernet/incorrect value
Marc Chamberland
@bobchaos
just pushed some chefspecs, they all come out green but those are my very first chefspec tests, I'd recommend a second look o.O
Artem Sidorenko
@artem-sidorenko
@bobchaos you go into the right direction, but you need another iteration for chefspec tests. Please see my comments in the PR ;-)
Marc Chamberland
@bobchaos
i fixed em according to your comments, will push in a min, but this little adventure reminds me of why i never did chefspecs in the first place: they provide very little benefit over inspec, basic kitchen testing provides the same coverage :/
pushed!
Artem Sidorenko
@artem-sidorenko
@bobchaos that's right, I use chefspec only to test the logic, nothing more. If you would like to test the logic with inspec/test-kitchen, you will have to create another suite -> what if you have several parameters which depend on the logic? To create a new suite for each of them is a bit of an overkill, and here chefspec is a pretty good option
Jason Carter
@JasonCarter80
Looking at dev-sec ansible roles, I see Amazon Linux, what about AmazonLinux 2, is it covered?
Marc Chamberland
@bobchaos
@artem-sidorenko should be ready for merge now, thanks a bunch for your help on the git and Chefspec stuff
are there plans for a release soon?
Artem Sidorenko
@artem-sidorenko
@bobchaos I'll have a look tomorrow, if Travis will be green - I'll merge and issue a minor release. Thanks for picking up of this topic and bringing it to a very good and nice end!
Marc Chamberland
@bobchaos
morning! (well, evening!), I'ma do a wee bit of googling and submit the final requested fix in the next hour
Marc Chamberland
@bobchaos
looks like its going to be a busy day for me but I squeezed in the requested change, that said it looks both syntax work (altho my search didn't specify if one syntax may not be more recent or something :/ ). It should now conform to your standards
Artem Sidorenko
@artem-sidorenko
@bobchaos thanks! But it's not about style, it's about logic:) If you provide a wrong value - you expect to get the exception, so should not it be .to raise_exception?
Marc Chamberland
@bobchaos
o i get it, sorry o.O I should have started my day with more coffee XD
i'ma revert that commit and force push a new one
here's my worry: it was still returning green, so presumably i got something much worse going on no?
Marc Chamberland
@bobchaos
so with .to i get with an invalid string abort the Chef run (FAILED - 1), am I misunderstanding ChefSpec's output, or is my test still not functional? o.O
(that line is red in the output if the coloring means anything)
@artem-sidorenko ^ (when you have a minute, no hurry, just didn't dare to poke you before cuz Germany is far and all humans deserve good sleep ;) )
Artem Sidorenko
@artem-sidorenko
@bobchaos it's some weird thing, looks somehow related to the lazy execution with template resource in the server recipe. Because of lazy execution the exception is somehow caught but ignored within rspec/chefspec. I moved this test to the unit testing of library, this should be enough. I force-pushed the PR with my fix on top, once travis is green I'll merge it. Thanks for good collaboration!
Marc Chamberland
@bobchaos
works for me, I'll keep an eye on the supermarket. Thanks again for all your help, hopefully my next contribution will be more straightforward now that I'm familiar with your process
Artem Sidorenko
@artem-sidorenko
Marc Chamberland
@bobchaos
hurray :D
Artem Sidorenko
@artem-sidorenko
@rndmh3ro I guess the question of @JasonCarter80 is for you :-)
Sebastian Gumprich
@rndmh3ro
@JasonCarter80 Sorry for not noticing your question! We actually use amazonlinux 2!
Artem Sidorenko
@artem-sidorenko
Hi all, as gitter is rarely used and even not really accepted by all maintainers, we decided to deprecate this communication channel in favour of mailing lists. See this blog post for more details: https://dev-sec.io/blog/2019-02-13-communication-ways/
drew
@drewkhoury_twitter
Hi. How do I run this against a container image (or running container) ... Does it require inspec or ssh on the container itself? I'm a bit confused on how I test containers (not docker daemon)
Jimi Sanchez
@jimilinuxguy
looking at the cis-docker benchmarks i see a few things like the ulimits in /etc/docker/daemon.json are required even if they are present in /etc/sysconfig/docker 's $DOCKER_OPTIONS ... defining in both places causes docker to not start... is there a way to skip_control the tests that look at the json file or the opposite, the ones that look at the process command args, (in bulk maybe?)
Sebastian Gumprich
@rndmh3ro
@jimilinuxguy - Hi all, as gitter is rarely used and even not really accepted by all maintainers, we decided to deprecate this communication channel in favour of mailing lists. See this blog post for more details: https://dev-sec.io/blog/2019-02-13-communication-ways/
Bharathkumar
@Bharathkumarraju
Hi Team..is there any playbooks available to compliance with https://github.com/dev-sec/cis-dil-benchmark for centos7 and 8 cause the basic ones ssh-hardening and os-hardening provided by you guys not satisfying cis-dil-benchmark
Bharathkumar
@Bharathkumarraju
cause i don't find them your git repos
Sebastian Gumprich
@rndmh3ro
Hi @Bharathkumarraju, no there aren't any. Also: Hi all, as gitter is rarely used and even not really accepted by all maintainers, we decided to deprecate this communication channel in favour of mailing lists. See this blog post for more details: https://dev-sec.io/blog/2019-02-13-communication-ways/