Skip to content

Improve pam_options SLE16 -related behaviour#14716

Merged
jan-cerny merged 3 commits into
ComplianceAsCode:masterfrom
teacup-on-rockingchair:sle16_pam_options_enhance_patch
May 18, 2026
Merged

Improve pam_options SLE16 -related behaviour#14716
jan-cerny merged 3 commits into
ComplianceAsCode:masterfrom
teacup-on-rockingchair:sle16_pam_options_enhance_patch

Conversation

@teacup-on-rockingchair
Copy link
Copy Markdown
Contributor

@teacup-on-rockingchair teacup-on-rockingchair commented May 17, 2026

Description:

  • Improve pam_options related rules behaviour for SLE16. Make sure distro default configuration files from /usr/etc are not used in hardening for anything else but for source of generating default configuration in /etc from remediation scripts. Anything in /usr/etc will be changed or wiped out on upgrade so we should not rely on it for hardening

Rationale:

  • Remove the special case for sle16 in OVAL, if file is missing test will FAIL
  • Add preserve option when copy distro defaults to /etc for bash and ansible
  • Fix tests for use_pam_wheel_group_for_su and set_password_hashing_algorithm_commonauth
  • Add test for accounts_password_pam_pwhistory_remember

@teacup-on-rockingchair
Simplify the pam_options template for sle16
ff1ff47 
- remove the special case for sle16 in OVAL, if file is missing test will FAIL
@openshift-ci openshift-ci Bot added the do-not-merge/work-in-progress Used by openshift-ci bot. label May 17, 2026
@openshift-ci
Copy link
Copy Markdown

openshift-ci Bot commented May 17, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@teacup-on-rockingchair teacup-on-rockingchair added this to the 0.1.81 milestone May 17, 2026
@teacup-on-rockingchair teacup-on-rockingchair added SLES SUSE Linux Enterprise Server product related. Update Template Issues or pull requests related to Templates updates. labels May 17, 2026
@teacup-on-rockingchair teacup-on-rockingchair marked this pull request as ready for review May 17, 2026 13:18
@openshift-ci openshift-ci Bot removed the do-not-merge/work-in-progress Used by openshift-ci bot. label May 17, 2026
@jan-cerny jan-cerny self-assigned this May 18, 2026
jan-cerny
jan-cerny requested changes May 18, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@jan-cerny jan-cerny left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@teacup-on-rockingchair Please remove the file shared/macros/.fuse_hidden00017cc400000050 from the PR.

@teacup-on-rockingchair
add preserve option when copy distro defaults to /etc for bash and an…
e55d92f 
…sible
@teacup-on-rockingchair
Fixed tests to match latest behaviour in pam_options
771f554 
- Fix tests for use_pam_wheel_group_for_su and set_password_hashing_algorithm_commonauth
- Add test for accounts_password_pam_pwhistory_remember
@teacup-on-rockingchair teacup-on-rockingchair force-pushed the sle16_pam_options_enhance_patch branch from 250b05f to 771f554 Compare May 18, 2026 09:58
@teacup-on-rockingchair
Copy link
Copy Markdown
Contributor Author

teacup-on-rockingchair commented May 18, 2026

@teacup-on-rockingchair Please remove the file shared/macros/.fuse_hidden00017cc400000050 from the PR.

Thanks 🙇 , just rebased it to drop that file from history

jan-cerny
jan-cerny approved these changes May 18, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@jan-cerny jan-cerny left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The fail is rule rsyslog_files_permissions isn't caused by the contents of this PR and is currently being solved in #14715.

@jan-cerny jan-cerny merged commit 7e4f012 into ComplianceAsCode:master May 18, 2026
74 of 81 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jan-cerny jan-cerny jan-cerny approved these changes

@svet-se svet-se Awaiting requested review from svet-se

@matusmarhefka matusmarhefka Awaiting requested review from matusmarhefka matusmarhefka is a code owner

@Mab879 Mab879 Awaiting requested review from Mab879 Mab879 is a code owner

@vojtapolasek vojtapolasek Awaiting requested review from vojtapolasek vojtapolasek is a code owner

Assignees

@jan-cerny jan-cerny

Labels

SLES SUSE Linux Enterprise Server product related. Update Template Issues or pull requests related to Templates updates.

Projects

None yet

Milestone

0.1.81

Development

Successfully merging this pull request may close these issues.

2 participants

@teacup-on-rockingchair @jan-cerny