Security Hardening in tripleo-docs Incorrect indentation in YAML example
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
tripleo | Triaged | Low | Unassigned |
Bug Description
This bug tracker is for errors with the documentation, use the following as a template and remove or add fields as you see fit. Convert [ ] into [x] to check boxes:
- [x] This doc is inaccurate in this way: The formatting of the YAML in the upstream documentation is wrong. I've attached a copy of the YAML with proper formatting to this BZ.
Additionally, we need to clearly identify and call out directories that should and should not be included. Because with the provided example, the run to create the initial aide DB causes a timeout in the deployment process (I will be opening a second BZ for that).
In my attached example file, I've also excluded /var/lib/docker. We have NO clear documentation on utilizing AIDE on a system running docker. Because of how AIDE works, if files change a lot, they should not be in scope for AIDE as it will provide no benefit. With docker, there are a lot of these on the filesystem so we need to provide the customer with better recommended scoping of what to and what not to monitor.
Refer to correct YAML format (attachment) here https:/
- [ ] This is a doc addition request.
- [x] I have a fix to the document that I can paste below including example: input and output.
resource_registry:
  OS::TripleO:
parameter_defaults:
  AideHour: 12
  AideMinute: 30
  AideRules:
    'TripleORules':
      content: 'TripleORules = p+sha256'
      order: 1
    'etc':
      content: '/etc/ TripleORules'
      order: 2
    'boot':
      content: '/boot/ TripleORules'
      order: 3
    'sbin':
      content: '/sbin/ TripleORules'
      order: 4
    'var':
      content: '/var/ TripleORules'
      order: 5
    'not var/log':
      content: '!/var/log.*'
      order: 6
    'not var/spool':
      content: '!/var/spool.*'
      order: 7
    'not /var/adm/utmp':
      content: '!/var/adm/utmp$'
      order: 8
    'not nova instances':
      content: '!/var/
      order: 9
    'not docker':
      content: '!/var/
      order: 10
-------
Release: 0.0.1.dev1094 on 2018-06-04 16:04:36
SHA: 311a01795c4d9dc
Source: https:/
URL: https:/
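A pre-deployment check for the two problems raised in this report (a mis-nested `AideRules` and high-churn directories left in scope), as an added example that is not part of the bug report or of TripleO. `check_aide_rules`, `SAMPLE_RULES` and `HIGH_CHURN` are hypothetical names; the code takes the already-parsed `AideRules` mapping and assumes rules are written to aide.conf in ascending `order`, that a group must be defined before a selection line uses it, and that AIDE path regexes are anchored at the start of the path.

```python
import re

# Constructed sample: AideRules as it parses from a correctly indented file.
SAMPLE_RULES = {
    "TripleORules": {"content": "TripleORules = p+sha256", "order": 1},
    "etc": {"content": "/etc/ TripleORules", "order": 2},
    "var": {"content": "/var/ TripleORules", "order": 5},
    "not var/log": {"content": "!/var/log.*", "order": 6},
}
# High-churn paths named in the report; adjust per deployment (assumption).
HIGH_CHURN = ["/var/log", "/var/spool", "/var/lib/docker"]


def check_aide_rules(rules, high_churn=HIGH_CHURN):
    """Return a list of problems found in a parsed AideRules mapping."""
    if not isinstance(rules, dict):
        return ["AideRules is not a mapping (check indentation)"]
    problems, entries = [], []
    for name, rule in rules.items():
        ok = (isinstance(rule, dict) and isinstance(rule.get("content"), str)
              and isinstance(rule.get("order"), int))
        if ok:
            entries.append((rule["order"], name, rule["content"].strip()))
        else:
            problems.append(f"{name}: needs nested 'content' (str) and 'order' (int)")
    entries.sort()
    # Group definitions look like "Name = attrs"; selection lines start with / ! or =.
    defined = {c.split("=")[0].strip(): o for o, _, c in entries
               if c[:1] not in ("/", "!", "=") and "=" in c}
    included, excluded = [], []
    for order, name, content in entries:
        if content.startswith("!"):
            excluded.append(content[1:])          # negative selection regex
        elif content.startswith(("/", "=")):
            path, _, expr = content.lstrip("=").partition(" ")
            included.append(path)
            for group in re.findall(r"\w+", expr):
                if defined.get(group, 0) > order:
                    problems.append(f"{name}: group '{group}' is defined after use")
    for path in high_churn:
        if any(re.match(i, path) for i in included) and \
                not any(re.match(e, path) for e in excluded):
            problems.append(f"{path}: monitored but not excluded")
    return problems
```

A flattened file, where `AideRules:` has no nested children, parses to an empty value and is reported by the first check.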
Changed in tripleo: milestone: stein-rc1 → train-1
Changed in tripleo: milestone: train-1 → train-2
Changed in tripleo: milestone: train-2 → train-3
Changed in tripleo: milestone: train-3 → ussuri-1
Changed in tripleo: milestone: ussuri-1 → ussuri-2
Changed in tripleo: milestone: ussuri-2 → ussuri-3
Changed in tripleo: milestone: ussuri-3 → ussuri-rc3
Changed in tripleo: milestone: ussuri-rc3 → victoria-1
Changed in tripleo: milestone: victoria-1 → victoria-3
If you have a fix, could you submit that?