Project

General

Profile

Actions
Copy link

action #92473

closed

coordination #91383: [security][epic] tracker poo for "Lynis test cases softfails in OpenQA"

[sle][security][sle15sp3] Lynis: fix softfailure on "Software_firewalls"

Added by llzhao over 3 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
llzhao
Category:
Enhancement to existing tests
Target version:
-
Start date:
2021-05-11
Due date:
% Done:

100%

Estimated time:
12.00 h
Difficulty:

Description

e.g., https://openqa.suse.de/tests/5989942#step/18_[+]_Software:_firewalls/4
This warning ( - Checking for empty ruleset [ WARNING ]) introduces soft failure.

The baseline:
[+] Software: firewalls

- Checking iptables kernel module [ FOUND ]
- Checking iptables policies of chains [ FOUND ]
- Checking for empty ruleset [ OK ]
- Checking for unused rules [ FOUND ]
- Checking host based firewall [ ACTIVE ]

The current contents:
[+] Software: firewalls

- Checking iptables kernel module [ FOUND ]
- Checking iptables policies of chains [ FOUND ]
- Checking for empty ruleset [ WARNING ]
- Checking for unused rules [ OK ]
- Checking host based firewall [ ACTIVE ]

Actions
Copy link
 #1

Updated by llzhao over 3 years ago

  • Status changed from New to In Progress
Actions
Copy link
 #2

Updated by llzhao over 3 years ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 90

Please see Bug 1185942 - lynis found a [warning] on firewalls: "Checking for empty ruleset - [ WARNING ]"
for more info.
Test code do not need to be revised atm, let's check the openQA run when the fix (upgrade lynis pkg version to https://github.com/CISOfy/lynis/releases/tag/3.0.4) is available.

Actions
Copy link
 #3

Updated by llzhao over 3 years ago

  • Status changed from Feedback to Resolved
  • % Done changed from 90 to 100

Since the GMC was released let's move this poo to resolved atm.

Actions
Copy link

Also available in: Atom PDF