Reformatted standalone policy files with cfengine format#3675
Reformatted standalone policy files with cfengine format#3675olehermanse wants to merge 2 commits into
Conversation
|
@cf-bottom jenkins, please |
|
Alright, I triggered a build: Jenkins: https://ci.cfengine.com/job/fast-build-and-deploy-docs-master/63/ Documentation: http://buildcache.cfengine.com/packages/build-documentation-pr/jenkins-fast-build-and-deploy-docs-master-63/output/_site/ |
Signed-off-by: Ole Herman Schumacher Elgesem <ole@northern.tech>
Signed-off-by: Ole Herman Schumacher Elgesem <ole@northern.tech>
olehermanse
changed the title
olehermanse
requested review from
craigcomstock and
nickanderson
and removed request for
craigcomstock
|
@cf-bottom jenkins, please |
|
Alright, I triggered a build: Jenkins: https://ci.cfengine.com/job/fast-build-and-deploy-docs-master/64/ Documentation: http://buildcache.cfengine.com/packages/build-documentation-pr/jenkins-fast-build-and-deploy-docs-master-64/output/_site/ |
craigcomstock
left a comment
craigcomstock
left a comment
There was a problem hiding this comment.
I understand that comment placement is tricky so am approving this PR even though I found several places that seem to need more work to transition from old policy to formatted policy with comments.
| when_no_source => "force"; | ||
| # kill | ||
| link_children => "true"; | ||
| when_linking_children => "if_no_such_file"; | ||
| # "override_file"; |
There was a problem hiding this comment.
these comments probably should be ABOVE the line they are commenting on or transformed into a comment attribute. I bet you handled this in a subsequent commit :)
| # }; | ||
| "accounts_to_delete" -> { |
There was a problem hiding this comment.
there should probably be a gap here or delete the commented out code or ???
| # perms => mog("755","root","root"); | ||
| "/etc/rc.d/init.d" -> { |
| # "/etc/hosts.allow" -> { "GEN006620" } | ||
| # comment => "CAT II UNIX STIG: 6.6 Access Control Programs and TCP_WRAPPERS", | ||
| # handle => "stigs_files_redhat_5_etc_hosts_allow", | ||
| # edit_line => append_if_no_lines("@(stigs.hosts_allow)"); | ||
| # "/etc/hosts.deny" -> { "GEN006620" } | ||
| # comment => "CAT II UNIX STIG: 6.6 Access Control Programs and TCP_WRAPPERS", | ||
| # handle => "stigs_files_redhat_5_etc_hosts_deny", | ||
| # edit_line => append_if_no_line("ALL: ALL"); | ||
| # "/boot/grub/menu.lst" -> { "LNX00140" } | ||
| # comment => "CAT I (Previously - L072) UNIX STIG: 12.4.1.1 Password Protecting the GRUB Console Boot Loader", | ||
| # handle => "stigs_files_redhat_5_boot_grub_menu_lst", | ||
| # edit_line => maintain_grub; | ||
| "/boot/grub/grub.conf" -> { "LNX00160" } |
There was a problem hiding this comment.
gaps should be here or re-organize somehow
| # usebundle => disabling_accounts("$(accounts_to_disable)"); | ||
| "UNIX STIG 4.8/UNIX STIG 12.9" -> { |
There was a problem hiding this comment.
used to be a gap here, probably should still be some separation
3 participants
No description provided.