Hello everyone,
we have currently stumbled upon situation, where Ansible remediation
snippet can either fix 3 different rules at once, or be very convoluted.
Technical details aside [1] - what is your view of such approach?
* Is it ok when remediation does change more than the rule that
triggered it checks?
* Do you prefer to have no remediation at all, to the remediation that
does too much?
* Does answer to the questions above change between (--remediate) which
is applied automatically, and bash roles or ansible playbooks, where you
can check insides of the scripts and alter them before application?
Thanks!
Marek
[1]
https://github.com/ComplianceAsCode/content/pull/3723#issuecomment-462747526
_______________________________________________
scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org
To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedorahosted.org