Skip to content

Fixes for auditing rules in sle15 and sle16 previously disabled #14132

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Fixes for auditing rules in sle15 and sle16 previously disabled #14132

wants to merge 4 commits into from
+68 −21

Conversation

@teacup-on-rockingchair
Copy link
Contributor

@teacup-on-rockingchair teacup-on-rockingchair commented Nov 17, 2025

Description:

  • Enable some audit rules in the context of sle platforms. Rules were previously disabled due to lack of support.

Rationale:

  • Enable auditd_name_format rule for sle15/16
  • Enable pcidss related audit rules (audit_rules_file_deletion_events_renameat2, audit_rules_mac_modification_etc_selinux, auditd_name_format) for latest sle15 and sle16
  • Add definition for audisp_conf_path for sle15/16

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Used by openshift-ci bot. label Nov 17, 2025
@openshift-ci
Copy link

openshift-ci bot commented Nov 17, 2025

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@teacup-on-rockingchair teacup-on-rockingchair added Ansible Ansible remediation update. Bash Bash remediation update. Update Rule Issues or pull requests related to Rules updates. Update Profile Issues or pull requests related to Profiles updates. pci-dss labels Nov 17, 2025
@teacup-on-rockingchair teacup-on-rockingchair added this to the 0.1.79 milestone Nov 17, 2025
@teacup-on-rockingchair teacup-on-rockingchair marked this pull request as ready for review November 17, 2025 19:46
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Used by openshift-ci bot. label Nov 17, 2025
Mab879
Mab879 reviewed Nov 17, 2025
View reviewed changes
Copy link
Member

@Mab879 Mab879 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please take look at the YAML lint findings.

@openshift-ci
Copy link

openshift-ci bot commented Nov 18, 2025

@teacup-on-rockingchair: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-aws-openshift-platform-compliance af9cb94 link true /test e2e-aws-openshift-platform-compliance
ci/prow/e2e-aws-openshift-node-compliance af9cb94 link true /test e2e-aws-openshift-node-compliance

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@jan-cerny jan-cerny modified the milestones: 0.1.79, 0.1.80 Nov 20, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Mab879 Mab879 Mab879 approved these changes

@matusmarhefka matusmarhefka Awaiting requested review from matusmarhefka matusmarhefka is a code owner

@vojtapolasek vojtapolasek Awaiting requested review from vojtapolasek vojtapolasek is a code owner

@jan-cerny jan-cerny Awaiting requested review from jan-cerny jan-cerny is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

Ansible Ansible remediation update. Bash Bash remediation update. pci-dss Update Profile Issues or pull requests related to Profiles updates. Update Rule Issues or pull requests related to Rules updates.

Projects

None yet

Milestone

0.1.80

Development

Successfully merging this pull request may close these issues.

3 participants

@teacup-on-rockingchair @Mab879 @jan-cerny