SPECS: scap-security-guide: update support for openRuyi #393
woqidaideshi wants to merge 1 commit into
Jingwiw left a comment
It would be helpful to share basic build and oscap test results on an openRuyi RISC-V system or rootfs before deciding the final default rule set.
| +# platform = multi_platform_openruyi | ||
| +# check-import = stdout | ||
| + | ||
| +temp=$(find ./ -type l -follow) |
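Review bot: On the `find ./ -type l -follow` line, the start point `./` is resolved against whatever working directory the SCE engine runs the script in, so the result is not tied to the filesystem being assessed; pass an absolute root instead. `-follow` is also deprecated in GNU find in favour of `-L`, and because following links makes `-type l` true only for links whose target is missing, a short comment saying that broken links are what is being collected would help. Nothing after this line is visible here, so please confirm the script maps a non-empty `$temp` to a fail result.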
file_empty_link_prohibit says it cannot be scanned automatically, but adds an SCE check that only scans ./ instead of the target root filesystem. This may easily pass incorrectly?
| +# platform = multi_platform_openruyi | ||
| +# check-import = stdout | ||
| + | ||
| +temp=$(find / -type f -name "\.*" -perm /+x) |
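Review bot: On the `find / -type f -name "\.*" -perm /+x` line, the walk has no `-xdev` or `-prune`, so it descends into every filesystem mounted under `/`, and any errors find reports go to stderr, which the `check-import = stdout` header does not capture. Restrict the walk to the filesystems the rule is about and decide explicitly what a find error should mean for the result. The backslash in `"\.*"` is not needed; `-name ".*"` matches the same names.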
file_hidden_executable_prohibit scans the whole / without pruning /proc, /sys, /dev, /run, etc., and does not implement the exceptions mentioned in the rule description.
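One way to address the two review comments above (scan the target root filesystem rather than `./`, and prune pseudo filesystems while honouring listed exceptions), as an added example that is not code from this PR or the project. It assumes GNU find; the function names `scan_tree`, `check` and `make_sample`, the sample tree and the one-path-per-line allow-list format are hypothetical.

```shell
#!/bin/sh
# Added example, not code from this PR. The sample tree and the
# allow-list file are constructed for illustration.

# scan_tree ROOT MODE: list findings under ROOT (the target root
# filesystem, not the current directory).
#   hidden-exec  hidden regular files with any execute bit set
#   broken-link  symlinks whose target does not resolve
# ROOT's proc, sys, dev and run are pruned; -xdev stays on ROOT's device.
scan_tree() {
    root=${1%/}                 # "/" becomes "", so "$root/proc" is "/proc"
    case $2 in
        hidden-exec) set -- -type f -name '.*' -perm /111 ;;
        broken-link) set -- -type l ! -exec test -e {} \; ;;
        *) return 2 ;;
    esac
    find "${root:-/}" -xdev \
        \( -path "$root/proc" -o -path "$root/sys" \
           -o -path "$root/dev" -o -path "$root/run" \) -prune \
        -o "$@" -print 2>/dev/null
}

# check ROOT MODE [ALLOWLIST]: print findings that are not listed in
# ALLOWLIST (one exact path per line); return 0 if none remain, else 1.
check() {
    found=$(scan_tree "$1" "$2" | grep -vxFf "${3:-/dev/null}" || true)
    if [ -z "$found" ]; then return 0; fi
    printf '%s\n' "$found"
    return 1
}

# Constructed tree standing in for a mounted target rootfs.
make_sample() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/proc" "$t/home/u"
    for f in home/u/.tool home/u/.bashrc proc/.fake; do : > "$t/$f"; done
    chmod 755 "$t/home/u/.tool" "$t/proc/.fake"
    ln -s /nonexistent-target "$t/home/u/dangling"   # broken
    ln -s .bashrc "$t/home/u/ok"                     # resolves
    echo "$t"
}

tree=$(make_sample)
check "$tree" hidden-exec || echo "FAIL: hidden executable(s) listed above"
check "$tree" broken-link || echo "FAIL: broken link(s) listed above"
rm -rf "$tree"
```

In an SCE check the return value of `check` would be mapped to the result codes the SCE engine provides, and find errors are discarded here, so a real check still has to decide how to report an unreadable subtree.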
| + - base | ||
| + status: automated | ||
| + rules: | ||
| + - configure_crypto_policy |
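Review bot: In the `rules:` list, `configure_crypto_policy` is attached to a control marked `status: automated`, which tells readers of the profile that this control is fully checked on the product. That holds only if the rule is applicable on openRuyi; if it is not, the status line should say so rather than `automated`, or the rule should be dropped from this control.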
I do not see crypto-policies packaging in openRuyi... So this rule/remediation will be permanently non-applicable or failing. Please either add the required package support, remove this rule from the base profile, or provide evidence that openRuyi supports this crypto policy framework.
6ccc8cb to d796131
Simplify openruyi test cases for common users.