Comments (25)
regarding the "no file" error from tps_report, perhaps preceding `vi` command should instruct to use `:wq` instead of `:q!` to exit? (that way everything works)
from securitydemos.
@stevegrubb and @rgbriggs please take a look at this issue
from securitydemos.
At section 6.2.1 there is step 3 to edit audit config, however the configuration file present in snapshot is already updated per the commands so the editing (and subsequent reload/restart of daemon) is quite needless.
from securitydemos.
* Lab 6.1 the password for auditlab user is not specified (turns out it is the usual r3dh4t1!) but it is requested to login from the workstation contrary to instructions.
+1 on auditlab user asking for password
from securitydemos.
Section 6.2.1:
Fix the_audit.example.com_ string to the _audit.example.com_
from securitydemos.
> At section 6.2.1 there is step 3 to edit audit config, however the configuration file present in snapshot is already updated per the commands so the editing (and subsequent reload/restart of daemon) is quite needless.
It looks like this is actually the default configuration for auditd.conf.
from securitydemos.
The title says Red Hat Enterprise Linux 7.5 even though the lab is run entirely in RHEL8. Suggest to remove the specific version 7.5.
As I understood Summit is mainly promoting RHEL8 whenever possible.
from securitydemos.
Pull request #121 was opened to fix some of the things pointed out here.
from securitydemos.
> Pull request #121 was opened to fix some of the things pointed out here.
Why did you drop the change from "killall ..." to "service audit reload" in the last of those three patches that went into the PR? (I had most of these fixes queued... I'll diff and see if any remain.)
from securitydemos.
> > Pull request #121 was opened to fix some of the things pointed out here.
>
> Why did you drop the change from "killall ..." to "service audit reload" in the last of those three patches that went into the PR? (I had most of these fixes queued... I'll diff and see if any remain.)
Because using the service command is the way that we tell everyone to use the audit system.
from securitydemos.
@stevegrubb When you say (lines 26-27): "If done correctly, you should not need to enter a password." What is the correct way? Should there be no password on root and auditlab, or should it use the pre-installed ssh key? I'm now assuming you were talking about getting in to the bastion workstation, but still need a password to get into audit.example.com.
from securitydemos.
> @stevegrubb When you say (lines 26-27): "If done correctly, you should not need to enter a password." What is the correct way? Should there be no password on root and auditlab, or should it use the pre-installed ssh key?
Paul wrote that - not me. :-) It also seemed to work for me so I didn't change it. I think it uses the pre-installed key.
from securitydemos.
On 2019-04-15 14:36, Steve Grubb wrote:
> > Why did you drop the change from "killall ..." to "service audit reload" in the last of those three patches that went into the PR? (I had most of these fixes queued... I'll diff and see if any remain.)
>
> Because using the service command is the way that we tell everyone to use the audit system.
Sorry, I don't follow. The last patch that ended up in the pull request does not have the switch to "service audit reload"
I guess that was missed by mistake. Service is preferable.
from securitydemos.
These are mostly nitpicks I found in latest trial:
- is there a reason for RHEL7.5 ? If yes, this should be explained. If not, we can say "but it does not matter, audit is the same as on RHEL8.0" or something. Basically acknowledging it's using not up-to-date system
- shouldn't `service` command be replaced by `systemctl`?
- shouldn't `grub2-mkconfig` be replaced by `grubby`?
from securitydemos.
For audit, service is a required command. We cannot move to systemctl. You will find systemctl is blocked for many audit tasks.
As for grub2-mkconfig vs grubby...I've always used grub2-mkconfig since it comes with the bootloader. They ought to work together.
from securitydemos.
@stevegrubb and @rgbriggs : is this issue now resolved?
from securitydemos.
> @stevegrubb and @rgbriggs : is this issue now resolved?
Looks like it says 8.0 now. I suppose that could be changed to simply 8.
from securitydemos.
@stevegrubb , not sure what you mean by 8.0 vs 8. Is this still an issue that needs to remain open for fixes or can I close this issue?
from securitydemos.
I think the concern mentioned above is that the content mentions 8.0 which is version specific. When 8.1 ships, will this content still be correct? By deleting the ".0" it makes it generic for all releases of RHEL 8.
from securitydemos.
@lkerner, I submitted a pull request. I think issue can be closed when that is merged.
from securitydemos.
Thanks @stevegrubb . Closing issue based on pull request #194 by @stevegrubb .
from securitydemos.