Inconsistent yaml section data
alias454 opened this issue · comments
I'm not sure if this causes an issue within hubble or not, but when trying to parse yaml files automatically with a custom script, I ran into some inconsistent sections. I see a few where items that are typically lists are represented as dictionaries, and others are missing "tags", etc.
Examples exist in amazon-201409-level-1-scored-v1-0-0.yaml and amazon-level-1-scored-v1-0-0.yaml files for missing list items.
rsyslog:
data:
'Amazon Linux AMI-2014':
- 'rsyslog': 'CIS-5.1.1'
+ - 'rsyslog': 'CIS-5.1.1'
description: 'Install rsyslog'
anacron:
data:
'Amazon Linux AMI-2014':
- 'cronie-anacron': 'CIS-6.1.1'
+ - 'cronie-anacron': 'CIS-6.1.1'
description: 'Enable anacron Daemon'
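Review bot: The `+` lines for `rsyslog` and `cronie-anacron` turn each entry into a list item but keep the CIS id as a bare string value, while the Ubuntu change in this same report moves the id under a `tag:` key, so the two fixes together still leave two value shapes. Pick one shape for both, or state why these sections keep the bare string. The snippet also carries no file header, so say which of the two Amazon files each region applies to.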
Another example is a couple of items missing the "tag" in ubuntu-1604-level-1-scored-v1-0-0.yaml. Everything else seems to use "tag" within the section.
ldap-server-disabled:
data:
Ubuntu-16.04:
- - slapd: CIS-2.2.6
+ - slapd:
+ tag: CIS-2.2.6
description: Ensure LDAP server is not enabled
nfs-disabled:
data:
Ubuntu-16.04:
- - nfs-kernel-server: CIS-2.2.7
+ - nfs-kernel-server:
+ tag: CIS-2.2.7
description: Ensure NFS and RPC are not enabled
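Review bot: On the `slapd` and `nfs-kernel-server` entries the added `tag:` line changes the value from a string to a mapping, and nothing in the lines shown confirms that the code reading this section accepts a mapping there. Run the two affected checks against the edited profile before merging and include the result with the change.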
I'm not sure how hubble handles these but they caused my parser to throw some errors. Of course, I can manage these changes locally but thought they might be worth bringing up.
Regards,
Brandon
The reason is part of why I'm planning to rewrite nova this year. Each nova module handles its own data in its own way. In some cases that involves use of lists because some tags require multiple checks (grepping two values or checking two packages or whatever).
I'm planning to offload all of the profile processing to the core hubble module and drastically simplify the data structure with my rewrite. It will be painful but worth it. (I'll have to overcome these same inconsistencies with the script I will write to port the profiles to the new format.)
Closing since #536 will resolve this.
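A parser that has to consume these profiles can accept the three entry shapes reported above and report anything else, rather than dropping a check without notice. This is an added example, not code from the issue or from hubble; the function names, the `broken` entry and the nesting of the sample data (the issue text shows the keys without indentation) are assumptions.

```python
class ProfileShapeError(ValueError):
    """Raised when an entry matches none of the known shapes."""

def _tag_of(value, where):
    if isinstance(value, str):                      # 'rsyslog': 'CIS-5.1.1'
        return value
    if isinstance(value, dict) and isinstance(value.get("tag"), str):
        return value["tag"]                         # slapd: {tag: CIS-2.2.6}
    raise ProfileShapeError(f"{where}: no tag found in {value!r}")

def normalize(check_id, os_name, entries):
    """Return [(name, tag), ...] for one OS key of one check."""
    where = f"{check_id}/{os_name}"
    if isinstance(entries, dict):                   # mapping where a list is usual
        items = list(entries.items())
    elif isinstance(entries, list):
        items = []
        for entry in entries:
            if not isinstance(entry, dict) or len(entry) != 1:
                raise ProfileShapeError(f"{where}: bad list item {entry!r}")
            items.extend(entry.items())
    else:
        raise ProfileShapeError(f"{where}: unexpected {type(entries).__name__}")
    return [(name, _tag_of(value, f"{where}/{name}")) for name, value in items]

def audit(profile):
    """Normalize every check; collect shape errors instead of skipping entries."""
    ok, errors = {}, []
    for check_id, body in profile.items():
        for os_name, entries in body.get("data", {}).items():
            try:
                ok[(check_id, os_name)] = normalize(check_id, os_name, entries)
            except ProfileShapeError as exc:
                errors.append(str(exc))
    return ok, errors

# Constructed sample: parsed form of the shapes quoted in the issue,
# plus one hypothetical entry ("broken") that fits none of them.
SAMPLE = {
    "rsyslog": {"data": {"Amazon Linux AMI-2014": {"rsyslog": "CIS-5.1.1"}},
                "description": "Install rsyslog"},
    "ldap-server-disabled": {"data": {"Ubuntu-16.04": [{"slapd": "CIS-2.2.6"}]}},
    "nfs-disabled": {
        "data": {"Ubuntu-16.04": [{"nfs-kernel-server": {"tag": "CIS-2.2.7"}}]}},
    "broken": {"data": {"Ubuntu-16.04": [{"slapd": None}]}},
}
```

Calling `audit(SAMPLE)` returns the normalized `(name, tag)` pairs per check and OS, together with a list of messages for entries that could not be interpreted.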