On Wed, Dec 6, 2023 at 12:39 PM Fabio Valentini <decatho...@gmail.com> wrote:
> On Wed, Dec 6, 2023 at 11:17 AM Ondrej Pohorelsky <opoho...@redhat.com> > wrote: > > > > Hi everyone, > > > > For F40 I would like to change file permissions of few files that are > provided by cronie and crontabs and swap deny list for allow list. I'm not > really sure if I should make a change proposal. I figured I'll send an > email first and see the feedback. > > > > The driving force of this change is feedback from RHEL customers, that > they would like to have cronie and crontabs CIS compliant out of the box. > Which means changing some of the file permissions and swapping `cron.deny` > for `cron.allow`. As it stands now, they have to run their own scripts or > dnf plugin (post-transaction-actions) to ensure that each update doesn't > overwrite the file permissions they manually set. > > Just out of curiosity - what does CIS even stand for? > The linked Red Hat docs don't expand the acronym, and googling for it > obviously yields results for something entirely different > Basically, it is a Center for Internet Security (CIS) benchmark that some companies use as a reference to limit configuration-based security vulnerabilities. I'm not really sure, but I think some governments require that their systems are compliant. You can look at CIS wikipedia page for more info: https://en.wikipedia.org/wiki/Center_for_Internet_Security#CIS_Controls_and_CIS_Benchmarks -- Ondřej Pohořelský Software Engineer Red Hat <https://www.redhat.com> opoho...@redhat.com <https://www.redhat.com>
-- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue