UNCLASSIFIED
Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Open sidebar
Ironbank Containers
S
Splunk
splunk
splunk
Commits
1373c9fc
Commit
1373c9fc
authored
Aug 16, 2021
by
bpluta
Browse files
fix OpenSCAP findings
parent
722607a4
Pipeline
#428272
failed with stages
in 1 minute and 45 seconds
Changes
2
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
30 additions
and
0 deletions
+30
-0
Dockerfile
Dockerfile
+25
-0
hardening_manifest.yaml
hardening_manifest.yaml
+5
-0
No files found.
Dockerfile
View file @
1373c9fc
...
...
@@ -161,6 +161,31 @@ RUN echo 'Create the ansible user/group' \
&&
chmod
755 /sbin/entrypoint.sh /sbin/createdefaults.py /sbin/checkstate.sh
RUN
microdnf remove
-y
shadow-utils
#STIG the instance
COPY
ubi8-development.tar.gz /ubi8-development.tar.gz
RUN
tar
-zxvf
/ubi8-development.tar.gz
RUN
ubi8-development-scripts/scripts/xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction.sh
&&
\
ubi8-development-scripts/scripts/xccdf_org.ssgproject.content_rule_accounts_max_concurrent_login_sessions.sh
&&
\
ubi8-development-scripts/scripts/xccdf_org.ssgproject.content_rule_accounts_password_pam_maxclassrepeat.sh
&&
\
ubi8-development-scripts/scripts/xccdf_org.ssgproject.content_rule_accounts_password_pam_dcredit.sh
&&
\
ubi8-development-scripts/scripts/xccdf_org.ssgproject.content_rule_accounts_password_pam_ocredit.sh
&&
\
ubi8-development-scripts/scripts/xccdf_org.ssgproject.content_rule_accounts_password_pam_lcredit.sh
&&
\
ubi8-development-scripts/scripts/xccdf_org.ssgproject.content_rule_accounts_password_pam_maxrepeat.sh
&&
\
ubi8-development-scripts/scripts/xccdf_org.ssgproject.content_rule_accounts_password_pam_ucredit.sh
&&
\
ubi8-development-scripts/scripts/xccdf_org.ssgproject.content_rule_accounts_password_pam_minlen.sh
&&
\
ubi8-development-scripts/scripts/xccdf_org.ssgproject.content_rule_accounts_password_pam_difok.sh
&&
\
ubi8-development-scripts/scripts/xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_unlock_time.sh
&&
\
ubi8-development-scripts/scripts/xccdf_org.ssgproject.content_rule_accounts_password_pam_unix_remember.sh
&&
\
ubi8-development-scripts/scripts/xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny.sh
&&
\
ubi8-development-scripts/scripts/xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_interval.sh
&&
\
ubi8-development-scripts/scripts/xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_enforce_local.sh
&&
\
ubi8-development-scripts/scripts/xccdf_org.ssgproject.content_rule_accounts_password_pam_enforce_root.sh
&&
\
ubi8-development-scripts/scripts/xccdf_org.ssgproject.content_rule_accounts_password_pam_enforce_local.sh
&&
\
ubi8-development-scripts/scripts/xccdf_org.ssgproject.content_rule_disable_users_coredumps.sh
&&
\
ubi8-development-scripts/scripts/xccdf_org.ssgproject.content_rule_accounts_password_minlen_login_defs.sh
&&
\
ubi8-development-scripts/scripts/xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration.sh
RUN
rm
-fdr
ubi8-development
USER
${SPLUNK_USER}
HEALTHCHECK
--interval=30s --timeout=30s --start-period=3m --retries=5 CMD /sbin/checkstate.sh || exit 1
ENTRYPOINT
[ "/sbin/entrypoint.sh" ]
...
...
hardening_manifest.yaml
View file @
1373c9fc
...
...
@@ -138,6 +138,11 @@ resources:
validation
:
type
:
sha256
value
:
2d475327684562c3a96cc71adf7dc8c4f0565175cf86b6d7a404ff4c771f15f0
-
url
:
https://repo1.dso.mil/dsop/redhat/ubi/ubi8/-/archive/development/ubi8-development.tar.gz
filename
:
ubi8-development.tar.gz
validation
:
type
:
sha256
value
:
fea622b296702ec7db0b0682c04af3469b599c82bd6fda648503fae3f2a74bc9
maintainers
:
-
name
:
"
Bryan
Pluta"
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
