gitlab-base: UBI: add CIS SCAP remediations
What does this MR do?
Add some CIS SCAP remediation scripts.
Several of are copied directly from https://repo1.dso.mil/dsop/redhat/ubi/ubi8
- Disable RH subscription manager usage, only UBI
- Set umask defaults to
027
in shell profiles - Disable storage and backtraces in
coredump.conf
- Enforce PAM
use_uid
forsu
calls.
Related issues
https://gitlab.com/gitlab-org/charts/gitlab/-/issues/3936
Checklist
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion
Required
-
Merge Request Title, and Description are up to date, accurate, and descriptive -
MR targeting the appropriate branch -
MR has a green pipeline on GitLab.com
Expected (please provide an explanation if not completing)
-
Test plan indicating conditions for success has been posted and passes -
Documentation created/updated -
Integration tests added to GitLab QA -
The impact any change in container size has should be evaluated
Edited by Robert Marshall