Skip to content

Add rule accounts_umask_etc_bashrc and accounts_umask_etc_profile to Hummingbird#14630

Merged
matusmarhefka merged 6 commits intoComplianceAsCode:masterfrom
jan-cerny:hummingbird_umask
Apr 13, 2026
Merged

Add rule accounts_umask_etc_bashrc and accounts_umask_etc_profile to Hummingbird#14630
matusmarhefka merged 6 commits intoComplianceAsCode:masterfrom
jan-cerny:hummingbird_umask

Conversation

@jan-cerny
Copy link
Copy Markdown
Collaborator

@jan-cerny jan-cerny commented Apr 8, 2026
edited
Loading

Description:

Add rules accounts_umask_etc_bashrc and accounts_umask_etc_profile to Hummingbird to STIG and CIS profiles. Add a special remediation for hummingbird for these rules.

Rationale:

The rules accounts_umask_etc_bashrc and accounts_umask_etc_profile evaluate as FAIL by default on most hummingbird images. Having these rules with a remediation in the content will allow us to demonstrate and test how the remediation will work during the container image build time.

Review Hints:

@jan-cerny jan-cerny added the Hummingbird Hummingbird project or container images related label Apr 8, 2026
@openshift-ci openshift-ci Bot added the do-not-merge/work-in-progress Used by openshift-ci bot. label Apr 8, 2026
@openshift-ci
Copy link
Copy Markdown

openshift-ci Bot commented Apr 8, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@jan-cerny jan-cerny added this to the 0.1.81 milestone Apr 10, 2026
@jan-cerny jan-cerny marked this pull request as ready for review April 10, 2026 14:14
@openshift-ci openshift-ci Bot removed the do-not-merge/work-in-progress Used by openshift-ci bot. label Apr 10, 2026
@matusmarhefka matusmarhefka self-assigned this Apr 13, 2026
@jan-cerny
Change applicability in user_umask group
6897dc7 
The rule accounts_umask_etc_bashrc becomes applicable on containers.
To do that, we will remove the system_with_kernel platform from the
group.yml and we move the platform to the individual rules.
@jan-cerny
Add rule accounts_umask_etc_bashrc to hummingbird
3ea1e33
@jan-cerny
Add hummingbird remediation for accounts_umask_etc_bashrc
16afb62
@jan-cerny
Fix yamllint problems
bf1c05b
@jan-cerny jan-cerny changed the title Add rule accounts_umask_etc_bashrc to Hummingbird Add rule accounts_umask_etc_bashrc and accounts_umask_etc_profile to Hummingbird Apr 13, 2026
@jan-cerny
Add hummmingbird remediation for accounts_umask_etc_profile
2eb1b55 
Similar to accounts_umask_etc_bashrc, this rule would make sense
for hardening hummingbird container images.
@matusmarhefka matusmarhefka merged commit f770821 into ComplianceAsCode:master Apr 13, 2026
62 of 65 checks passed
@jan-cerny jan-cerny mentioned this pull request Apr 13, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@matusmarhefka matusmarhefka matusmarhefka approved these changes

Assignees

@matusmarhefka matusmarhefka

Labels

Hummingbird Hummingbird project or container images related

Projects

None yet

Milestone

0.1.81

Development

Successfully merging this pull request may close these issues.

2 participants

@jan-cerny @matusmarhefka