Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update docs for cis hardening #802

Open
wants to merge 14 commits into
base: main
Choose a base branch
from
Open

Update docs for cis hardening #802

wants to merge 14 commits into from

Conversation

ktsakalozos
Copy link
Member

  • update the CIS hardening how-to with CIS auditing section
  • update the CIS reports generation tool to give us the format we want
  • update the CIS hardening checks to include dqlite in place of etcd
  • review the CIS hardening checks

@ktsakalozos ktsakalozos requested a review from a team as a code owner November 15, 2024 12:03
@github-actions GitHub Actions
Copy link
Contributor

Hi, looks like pyspelling job found some issues, you can check it here

nhennigan
nhennigan reviewed Nov 15, 2024
View reviewed changes
docs/src/snap/howto/cis-hardening.md Outdated Show resolved Hide resolved
docs/src/snap/howto/cis-hardening.md Show resolved Hide resolved
docs/src/snap/howto/cis-hardening.md Outdated Show resolved Hide resolved
k8s/scripts/cis/README.md Show resolved Hide resolved
k8s/scripts/cis/README.md Show resolved Hide resolved
k8s/scripts/cis/cis-template.jinja2 Show resolved Hide resolved
k8s/scripts/cis/cis-yaml-to-md.py Outdated Show resolved Hide resolved
bschimke95
bschimke95 approved these changes Nov 20, 2024
View reviewed changes
Copy link
Contributor

@bschimke95 bschimke95 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, @nhennigan to give final approval.

nhennigan
nhennigan reviewed Nov 20, 2024
View reviewed changes
Copy link
Contributor

@nhennigan nhennigan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There were a few cases where the expected output did not match the remediation suggestion. If this is meant to be the expected output of the system as is when shipped then ignore my comments but we should make that clear.

We also have (automated) and (manual) beside all audit steps. Do we mean that automated steps should be configured by default? If so there were a few on my local tests that were labeled (automated) but not set

docs/src/snap/howto/cis-hardening.md Outdated Show resolved Hide resolved
docs/src/snap/howto/cis-hardening.md Show resolved Hide resolved
docs/src/snap/howto/cis-hardening.md Outdated Show resolved Hide resolved
docs/src/snap/howto/cis-hardening.md Show resolved Hide resolved
docs/src/snap/howto/cis-hardening.md Outdated Show resolved Hide resolved
docs/src/snap/howto/cis-hardening.md Outdated Show resolved Hide resolved
docs/src/snap/howto/cis-hardening.md Outdated Show resolved Hide resolved
docs/src/snap/howto/cis-hardening.md Outdated Show resolved Hide resolved
docs/src/snap/howto/cis-hardening.md Outdated Show resolved Hide resolved
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bschimke95 bschimke95 bschimke95 approved these changes

@nhennigan nhennigan Awaiting requested review from nhennigan

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ktsakalozos @nhennigan @bschimke95