-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PE-5714 #321
PE-5714 #321
Conversation
@@ -529,18 +529,18 @@ harden_system() { | |||
fi | |||
|
|||
echo "Fix permission of all cron files" | |||
for each in `echo /etc/cron.daily /etc/cron.hourly /etc/cron.d /etc/cron.monthly /etc/cron.weekly /etc/crontab` | |||
for each in echo /etc/cron.daily /etc/cron.hourly /etc/cron.d /etc/cron.monthly /etc/cron.weekly /etc/crontab |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This will not work as expected. the recommendation was to use the commands $(...) notation instead of legacy backticks
fi | ||
fi | ||
done | ||
|
||
echo "Remove cron and at deny files and have allow files in place" | ||
echo "Remove cron and at deny files anf have allow files in place" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you fix the typo in this line ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
updated.
echo "auth sufficient pam_faillock.so authsucc audit deny=4 fail_interval=900 unlock_time=600" | ||
echo "auth requisite pam_deny.so" | ||
echo "auth required pam_permit.so" | ||
} > /etc/pam.d/common-auth |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Using this approach, will the content get appended if the file has existing content?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
updated with >> /etc/pam.d/common-auth
echo "Privileged containers are not allowed for the current user." | ||
exit 1 | ||
fi | ||
if [ -z "$HTTP_PROXY" ] && [ -z "$HTTPS_PROXY" ] && [ -z "$(find certs -type f ! -name '.*' -print -quit)" ]; then | ||
if [ -z "$HTTP_PROXY" ] && [ -z "$HTTPS_PROXY"]; then |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The 3rd condition is missing ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
updated.
@@ -94,14 +94,6 @@ PE_VERSION=$(git describe --abbrev=0 --tags) | |||
SPECTRO_PUB_REPO=us-docker.pkg.dev/palette-images | |||
EARTHLY_VERSION=v0.8.15 | |||
source .arg | |||
|
|||
# Workaround to support deprecated field PROXY_CERT_PATH |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This special handling is missing in your changes. Could you check it out again ?
closing this PR, have a new one to work on the updates. |
No description provided.