gitlab-base: UBI: add CIS SCAP remediations (!1194) · Merge requests · GitLab.org / Build / CNG · GitLab

Jason Plum requested to merge fips-scap into master Nov 09, 2022

What does this MR do?

Add some CIS SCAP remediation scripts.

Several of are copied directly from https://repo1.dso.mil/dsop/redhat/ubi/ubi8

Disable RH subscription manager usage, only UBI
Set umask defaults to 027 in shell profiles
Disable storage and backtraces in coredump.conf
Enforce PAM use_uid for su calls.

Related issues

https://gitlab.com/gitlab-org/charts/gitlab/-/issues/3936

Checklist

See Definition of done.

For anything in this list which will not be completed, please provide a reason in the MR discussion

Required

Merge Request Title, and Description are up to date, accurate, and descriptive
MR targeting the appropriate branch
MR has a green pipeline on GitLab.com

Expected (please provide an explanation if not completing)

Test plan indicating conditions for success has been posted and passes
Documentation created/updated
Integration tests added to GitLab QA
The impact any change in container size has should be evaluated

Edited Nov 16, 2022 by Robert Marshall