Skip to content

Add Amazon Linux 2023 DISA STIG Profile #14238

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Eric-Domeier wants to merge 8 commits into from
Closed

Add Amazon Linux 2023 DISA STIG Profile #14238

Eric-Domeier wants to merge 8 commits into from
+5,106 −25

Conversation

@Eric-Domeier
Copy link

@Eric-Domeier Eric-Domeier commented Dec 14, 2025
edited
Loading

Description:

  • Add a DISA STIG Profile for Amazon Linux 2023 and attempts to make the results importable to stig viewer

Rationale:

Review Hints:

  • This builds off of @jesseborden branch, attempts to get the --stig-viewer flag working properly.

  • products/al2023/overlays/srg_support.xml is just a copy paste from products/rhel8/overlays/srg_support.xml with name replaced, the content hasn't actually been checked yet.

  • I haven't verified the content in controls/stig_al2023.yml yet

  • modifies applicability templates to ensure checks are applicable for al2023

@openshift-ci
Copy link

openshift-ci bot commented Dec 14, 2025

Hi @Eric-Domeier. Thanks for your PR.

I'm waiting for a github.com member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-ci openshift-ci bot added the needs-ok-to-test Used by openshift-ci bot. label Dec 14, 2025
@Eric-Domeier
Copy link
Author

Eric-Domeier commented Dec 14, 2025

Amazon linux ships with oscap version 1.3.9 which appears to be the reason why the results file was not able to be imported into STIG Viewer. After building oscap from source on the Amazon Linux 2023 box with version 1.4.3, the results file is able to be imported into stig viewer.

Remaining tasks to complete this PR is to go through all the rules to ensure they are correct - a majority appear to be coming back as N/A

@Eric-Domeier
Copy link
Author

Eric-Domeier commented Dec 15, 2025

Fixed most checks that were showing as N/A

image

Still need to go through each one to verify accuracy.

@github-actions
Copy link

github-actions bot commented Dec 15, 2025
edited
Loading

ATEX Test Results

Test artifacts have been submitted to Testing Farm.

Results: View Test Results
Workflow Run: View Workflow Details

This comment was automatically generated by the ATEX workflow.

@Eric-Domeier
Copy link
Author

Eric-Domeier commented Dec 16, 2025

Moved this PR to here to remove the failing merge commit issue

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

needs-ok-to-test Used by openshift-ci bot.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Eric-Domeier @jesseborden @bordencastle