Michael Geiger
Michael Geiger
For the search in os-01 and os-09 I would recommend to limit the the search depth with the option `-maxdepth`. IMHO 3 levels should be sufficient ... for os-06 I...
@atomic111 Of course! See #77
How about this: use `locate` instead of `find` if installed --> if you have timeout problems install the (m)locate package on your system This might also solve #78
I think in production this definitly should be disabled because of the DoC risk
Well, on my production servers the size of the root disk is way smaller ... but if it's required by compliance: How about enable this here in the baseline and...
@brentclark Thanks for your PR! In general this looks good to me, but you should also make it configurable like $disable_filesystems (in `init.pp` plus documentation in `README.md`)
@michaelw Well, for me it looks like you have changed the logic that way: If `$enable_sysctl_config` is true (which is the default) then the class `os_hardening::sysctl` is always applied, independend...
Looks like Inspec doesn't recognize that the tests are running in a container ... maybe the host os (OpenSUSE 15.0) is not recognized? @artem-sidorenko Please investigate :-)
This seems to be a problem in InSpec: https://github.com/inspec/inspec/issues/3819
@artem-sidorenko Do you think we should continue on this? Right now the `sysctl` changes are omitted when applied in a container environment, but there are no specific hardening rules for...