mitre / oracle-database-12c-stig-baseline Goto Github PK

https://github.com/mitre/oracle-database-12c-stig-baseline/blob/master/controls/V-61419.rb#L34

This means there needs to be another describe block and that there should be an attribute for the something_raid_not_used. If a raid is not used, then the value should_not be < 2 if a raid storage device is being used than it seems the value should be >= 1.

V-61561 needs to allow the user to define their set of defined emergency and temporary account profiles to let the logic focus on only.

When the attribute is assigned outside of the code block and you run the profile as a whole you get a bit of slowdown and congestion since it tries to assign the attribute but finds that it's already been initialized. We came across this issue a lot in the old style of creating attributes in InSpec.

If the attributes are moved within the control block you will get a bit faster run time and remove the warning messages that pop up when running commands on the profile.

Example of what the issue looks like:

List of controls with attributes outside of control block:

• V-61415
• V-61433
• V-61437
• V-61439
• V-61445
• V-61451
• V-61459
• V-61461
• V-61467
• V-61507
• V-61589
• V-61599
• V-61653
• V-61655
• V-61657
• V-61659
• V-61661
• V-61663
• V-61669
• V-61673
• V-61679
• V-61681
• V-61683
• V-61869

"is not a finding" STIG-speak = Pass, not N/A

For overlays, need inputs to be able to adjust the:

• allowed failed logon attempts for V-61605
• password lifetime for a profile for V-61561, and
• the account inactivity age for V-61717.

For controls:
61603
61605
61607

https://github.com/mitre/oracle-database-12c-stig-baseline/blob/master/controls/V-61541.rb

There are no NA cases in this control, just pass or fail and a skip.

Not a finding - means pass the test no NA

Unhardened data already exists, would also need hardened results in the profile.

The logic seems like it should be:

the describe blocks for both should always ensure that the result should_not be 0 - if the count is zero then this is a finding.

on the first query - if you have any results - the results should be saved and displayed and the second describe block should skip if > 0 and display the ask the DBA / ISSO if #{results} are acceptable.

When/if we encounter this situation, is this the correct logic to implement?

if user_profiles.empty?
describe 'There are no oracle user profiles, therefore this control is N/A' do
skip 'There are no oracle user profiles, therefore this control is N/A'
end
end

The following rubocop issues were found:
rubocop.txt

The following warnings were shown by inspec check: