Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for Ubuntu 24.04 Noble #12489

Open
rossigee opened this issue Oct 12, 2024 · 3 comments
Open

Support for Ubuntu 24.04 Noble #12489

rossigee opened this issue Oct 12, 2024 · 3 comments
Labels
Ubuntu Ubuntu product related.

Comments

@rossigee
Copy link

Description of problem:

Trying to understand why the 'ssg-debderived' package contains configurations up to 22.04, but not for 24.04 (a.k.a. Noble), even though it's been out for six months or so now.

Does nobody harden their Noble servers?!

SCAP Security Guide Version:

N/A

Operating System Version:

Ubuntu 24.04

Steps to Reproduce:

  1. Install ssg-debderived package on Ubuntu 24.04.
  2. Try to find appropriate SSG to scan the machine. Find only versions for 22.04.
  3. Try fruitlessly to run 22.04 versions on 24.04.
  4. Scratch head. Wonder why there are no 24.04 configurations to be found anywhere, even on Google.

Actual Results:

Unable to scan machine.

Expected Results:

Something like this should just work...

oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_cis_level2_server --fetch-remote-resources --results before-hardening-results.xml --results-arf before-hardening-arf-results.xml --report before-hardening-report.html /usr/share/xml/scap/ssg/content/ssg-ubuntu2404-xccdf.xml

Additional Information/Debugging Steps:

N/A
@Mab879 Mab879 added the Ubuntu Ubuntu product related. label Oct 14, 2024
@dodys
Copy link
Contributor

dodys commented Oct 18, 2024
edited
Loading

The first benchmark for 24.04 was CIS which only came late in August and so far no one contributed it. Also if you are installing ssg-debderived through apt, it wouldn't include a profile for 24.04 as the development cycle of a release does not match benchmarks timeline anyway.

DISA STIG for 24.04 will probably only come late next year.

@rossigee
Copy link
Author

rossigee commented Nov 9, 2024

Given that 24.04 is more-or-less just an updated 22.04, I would expect 90% of the rules to 'just work'. I was hoping I could at least run the 22.04 rules against my 24.04 install provide at least a certain level of coverage.

so far no one contributed it

How would one contribute it? Is there hoops to jump through, or is it really just a case of taking the 22.04 rules, replacing '22' with '24' and starting with that?

@dodys
Copy link
Contributor

dodys commented Nov 11, 2024

How would one contribute it? Is there hoops to jump through, or is it really just a case of taking the 22.04 rules, replacing '22' with '24' and starting with that?

Just doing that creates more noise than helps. The right way is to evaluate the benchmarks, make a comparison and from there start building the 2404 profile.
@mpurg already started it, the profile should be ready in a few months, depending on testing results

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Ubuntu Ubuntu product related.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Mab879 @dodys @rossigee