Versions Compared

Old Version 30

changes.mady.by.user Colin Peters

Saved on

compared with

New Version Current

changes.mady.by.user Colin Peters

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Before running the tests below, ensure that the configuration in the chapter Verifying the Setup of Smart Data Transaction for CPS R7 Installation Guide has been implemented.

CI/CD Regression Tests: Node Setup

...

Vuls results (manual) Nexus URL: https://nexus.akraino.org/content/sites/logs/fujitsu/job/sdt/r7/sdt-vuls/12/

Lynis results (manual) Nexus URL: https://nexus.akraino.org/content/sites/logs/fujitsu/job/sdt/r7/sdt-lynis/2/

Kube-Hunter results Nexus URL: https://nexus.akraino.org/content/sites/logs/fujitsu/job/sdt/r7/sdt-bluval/1/

Vuls

Nexus URL: https://nexus.akraino.org/content/sites/logs/fujitsu/job/sdt/r7/sdt-vuls/12/

There are 6 4 CVEs with a CVSS score >= 9.0. These are exceptions requested here:

...

32221
CVE-IDCVSSNVDFix/Notes
CVE-2022-364310.0https://nvd.nist.gov/vuln/detail/CVE-2022-3643

Fix not yet available

Ubuntu CVE record

CVE-2016-15859.8https://nvd.nist.gov/vuln/detail/CVE-2016-1585

No fix available

Ubuntu CVE record

CVE-2022-03189.8https://nvd.nist.gov/vuln/detail/CVE-2022-0318

Fix not yet available

Ubuntu CVE record

CVE-2022-9.8https://nvd.nist.gov/vuln/detail/CVE-2022-32221

TODO: Appears fixed

Ubuntu CVE record

CVE-2022-36499.8https://nvd.nist.gov/vuln/detail/CVE-2022-3649

Fix not yet available

Ubuntu CVE record

CVE-2022-406749.8
Lynis

Nexus URL (manual run, with fixes): https://

...

nexus.

...

akraino.

...

org/

...

TODO: Appears fixed

Ubuntu CVE record

Lynis

Nexus URL (manual run, with fixes): https://nexus.akraino.org/content/content/sites/logs/fujitsu/job/sdt/r7/sdt-lynis/23/

The results compare with the Lynis Incubation: PASS/FAIL Criteria, v1.0 as follows.

The Lynis Program Update test MUST pass with no errors.

...

No.TestResultNotes
1

Test: Checking PASS_MAX_DAYS option in /etc/login.defs

2022-1012-11 1116 18:4845:22 05 Test: Checking PASS_MAX_DAYS option in /etc/login.defs
2022-1012-11 1116 18:4845:22 05 Result: max password age is 180 days
2022-1012-11 1116 18:4845:22 05 Hardening: assigned maximum number of hardening points for this item (3). Currently having 21 points (out of 35)

Required configuration
2

Performing test ID AUTH-9328 (Default umask values)

2022-1012-11 1116 18:4845:22 05 Performing test ID AUTH-9328 (Default umask values)
...

2022-12-16 18:45:05 Test: Checking /etc/login.defs
2022-10-11 11:48:22 -12-16 18:45:05 Result: file /etc/login.defs exists
2022-12-16 18:45:05 Test: Checking umask value in /etc/login.defs
2022-1012-11 1116 18:4845:22 05 Result: umask is 027, which is fine
2022-1012-11 1116 18:4845:22 05 Hardening: assigned maximum number of hardening points for this item (2). Currently having 35 points (out of 49)

Required configuration
3

Performing test ID SSH-7440 (Check OpenSSH option: AllowUsers and AllowGroups)

2022-1012-11 1116 18:5145:21 14 Performing test ID SSH-7440 (Check OpenSSH option: AllowUsers and AllowGroups)
2022-1012-11 1116 18:5145:21 14 Result: AllowUsers set, with value sdt-admin
2022-1012-11 1116 18:5145:21 14 Result: AllowGroups is not set
2022-1012-11 1116 18:5145:21 14 Result: SSH is limited to a specific set of users, which is good
2022-1012-11 1116 18:5145:21 14 Hardening: assigned maximum number of hardening points for this item (2). Currently having 164 points (out of 234231)

Required configuration
4

Test: checking for file /etc/network/if-up.d/ntpdate

2022-1012-11 1116 18:5145:25 16 Test: checking for file /etc/network/if-up.d/ntpdate
2022-1012-11 1116 18:5145:25 16 Result: file /etc/network/if-up.d/ntpdate does not exist
2022-1012-11 1116 18:5145:25 16 Result: Found a time syncing daemon/client.
2022-1012-11 1116 18:5145:25 16 Hardening: assigned maximum number of hardening points for this item (3). Currently having 173 points (out of 249246)
5Performing test ID KRNL-6000 (Check sysctl key pairs in scan profile) :  Following sub-tests requiredN/A
5asysctl key fs.suid_dumpable contains equal expected and current value (0)

2022-1012-11 1116 18:5145:37 27 Result: sysctl key fs.suid_dumpable contains equal expected and current value (0)

Required configuration
5bsysctl key kernel.dmesg_restrict contains equal expected and current value (1)

2022-1012-11 1116 18:5145:37 27 Result: sysctl key kernel.dmesg_restrict contains equal expected and current value (1)

Required configuration
5csysctl key net.ipv4.conf.default.accept_source_route contains equal expected and current value (0)2022-1012-11 1116 18:5145:37 27 Result: sysctl key net.ipv4.conf.default.accept_source_route contains equal expected and current value (0)Required configuration
6Test: Check if one or more compilers can be found on the system

2022-0312-07 1516 18:5545:29 28 Performing test ID HRDN-7220 (Check if one or more compilers are installed)
2022-0312-07 1516 18:5545:29 28 Test: Check if one or more compilers can be found on the system
2022-0312-07 1516 18:5545:29 28 Result: no compilers found
2022-0312-07 1516 18:5545:29 28 Hardening: assigned maximum number of hardening points for this item (3). Currently having 216 212 points (out of 325312)

Required removal of build-essential package and apt autoremove, and /bin/as

...