From bb039a92b4286c9090c0f40c82aefb967be2f5ba Mon Sep 17 00:00:00 2001
From: Vojtech Polasek
Date: Thu, 14 May 2020 16:46:07 +0200
Subject: [PATCH] reorder groups because of permissions verification

---
 ssg/build_yaml.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ssg/build_yaml.py b/ssg/build_yaml.py
index e3e138283c..c9f3179c08 100644
--- a/ssg/build_yaml.py
+++ b/ssg/build_yaml.py
@@ -700,6 +700,11 @@ def to_xml_element(self):
 # audit_rules_privileged_commands, othervise the rule
 # does not catch newly installed screeen binary during remediation
 # and report fail
+ # the software group should come before the
+ # bootloader-grub2 group because of conflict between
+ # rules rpm_verify_permissions and file_permissions_grub2_cfg
+ # specific rules concerning permissions should
+ # be applied after the general rpm_verify_permissions
 # The FIPS group should come before Crypto - if we want to set a different (stricter) Crypto Policy than FIPS.
 # the firewalld_activation must come before ruleset_modifications, othervise
 # remediations for ruleset_modifications won't work
@@ -707,6 +712,7 @@ def to_xml_element(self):
 # otherwise the remediation prints error although it is successful
 priority_order = [
 "accounts", "auditing",
+ "software", "bootloader-grub2",
 "fips", "crypto",
 "firewalld_activation", "ruleset_modifications",
 "disabling_ipv6", "configuring_ipv6"
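Review bot: The new `"software"` entry in `priority_order` still sits behind `"accounts", "auditing"`, so the rule stated in the added comment (specific permission rules are applied after the general `rpm_verify_permissions`) is only guaranteed for groups ordered after it. If either of those two groups holds a rule that sets the mode or ownership of a package-owned file, its remediation would run first and could hit the same conflict the comment describes for `file_permissions_grub2_cfg`; whether such rules exist is not visible in these hunks. The comment should state that limit, for example `# accounts and auditing stay first (see above); permission rules for RPM-owned files must not live in them`. A unit test asserting that `"software"` comes before `"bootloader-grub2"` in the list would keep a later reorder from silently bringing the conflict back, since today the dependency is carried only by the comment. `to_xml_element` starts and ends outside both hunks.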