usg-cisbenchmark: feature - disable specific rules
Bug #1864175 reported by
Arif Ali
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu Security Certifications |
Fix Released
|
Wishlist
|
Richard Maciel Costa |
Bug Description
From customer,
It would be useful to disable a specific test, as a test may not be something that we would need testing as part of the security certification
If they can document, why the test is not required, that is reasonable.
information type: | Public → Public Security |
information type: | Public Security → Public |
To post a comment you must log in.
+1 on this feature - having the ability to configure the harden tool to skip a particular set of hardening rules because a workload needs to configure the server in a way that means they cannot be applied would be useful - maybe an /etc/usg/ configuration file or dotdee directory of some sort?
This could be used by charms to disable specific rules to allow the tool to be re-run post deployment without impacting on functionality of the deployed workloads.