CIS 1.7.1.2 on 20.04 AppArmor bootloader does not work on Azure
Bug #1948668 reported by
Aaron Whitehouse
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Ubuntu Security Certifications |
In Progress
|
Undecided
|
Adam Bell | ||
| cloud-images |
Confirmed
|
Undecided
|
Unassigned | ||
Bug Description
It looks like there is an Azure-specific bug in the CIS hardening script for rule "Ensure AppArmor is enabled in the bootloader configuration" (CIS 1.7.1.2).
It looks like we append
GRUB_CMDLINE_
to /etc/default/grub, but Azure has its own /etc/default/
GRUB_CMDLINE_
so we need to be appending the additional lines to that command instead (i.e. to make it GRUB_CMDLINE_
| Changed in ubuntu-security-certifications: | |
| assignee: | nobody → Adam Bell (arbell) |
| Changed in ubuntu-security-certifications: | |
| status: | New → Triaged |
Revision history for this message
| Adam Bell (arbell) wrote | #1 |
| Changed in ubuntu-security-certifications: | |
| status: | Triaged → In Progress |
| Changed in cloud-images: | |
| status: | New → Confirmed |
To post a comment you must log in.
Hi Aaron (et al),
Is it possible that the /e/d/grub.
```
GRUB_CMDLINE_
```
We do the same thing on the FIPS side with GRUB_CMDLINE_
Please let us know whether that could work on the Azure images or whether this would open a different issue on unhardened images.