From e64ae243688857e6d8ade846a8be8cac8018dbf9 Mon Sep 17 00:00:00 2001
From: Tim Smith
Date: Wed, 3 Jan 2024 08:58:13 -0800
Subject: [PATCH] Update impact scores for Chef policies (#310)
Add a missing impact and change some existing scores
Signed-off-by: Tim Smith
---
 community/chef-infra-client.mql.yaml | 1 +
 community/chef-infra-server.mql.yaml | 6 +++---
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/community/chef-infra-client.mql.yaml b/community/chef-infra-client.mql.yaml
index b0b65240..a11ca9b9 100644
--- a/community/chef-infra-client.mql.yaml
+++ b/community/chef-infra-client.mql.yaml
@@ -101,6 +101,7 @@ queries:
 ```
 - uid: var-log-chef-directory-permissions
 title: Ensure /var/log/chef/ is owned by root with 750 permissions
+ impact: 70
 mql: |
 if (file("/var/log/chef").exists) {
 file("/var/log/chef") {
diff --git a/community/chef-infra-server.mql.yaml b/community/chef-infra-server.mql.yaml
index d2b40965..20e82de9 100644
--- a/community/chef-infra-server.mql.yaml
+++ b/community/chef-infra-server.mql.yaml
@@ -188,7 +188,7 @@ queries:
 ```
 - uid: non-eol-infra-server
 title: Ensure a non-EOL Chef Infra Server release is used
- impact: 90
+ impact: 100
 mql: |
 file("/opt/opscode/version-manifest.txt").content == /^chef-server (14|15|16|17)/
 docs:
@@ -196,7 +196,7 @@ queries:
 remediation: Upgrade to a non-EOL release of Chef Infra Server. Note that this will require downtime for component upgrade processes.
 - uid: eol-reporting-addon
 title: Ensure EOL Reporting add-on package is not installed
- impact: 100
+ impact: 80
 mql: |
 package("opscode-reporting").installed == false
 docs:
@@ -204,7 +204,7 @@ queries:
 remediation: Uninstall the Reporting package and run `chef-server-ctl reconfigure`
 - uid: eol-push-jobs-addon
 title: Ensure EOL Push Jobs Server add-on package is not installed
- impact: 100
+ impact: 80
 mql: |
 package("opscode-push-jobs-server").installed == false
 docs:
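Review bot: With `impact: 100` the `non-eol-infra-server` check becomes a top-severity finding, yet its query in the unchanged context of this hunk still matches a hard-coded list of majors, `/^chef-server (14|15|16|17)/`. A supported release outside that list would fail a critical check, and a listed release keeps passing after it goes EOL until someone edits the pattern. I would add a comment above `mql:` such as `# supported majors as of <review date>; update when the vendor support matrix changes`. Assuming the manifest line reads `chef-server <major>.<minor>...`, I would also close the alternation with a delimiter, `(14|15|16|17)\.`, so a longer number beginning with one of these does not match. Unlike the client policy's `/var/log/chef` check, this query has no `exists` guard, so confirm how a missing manifest is scored at this severity.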
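Review bot: Lowering `eol-reporting-addon` from 100 to 80 here, and `eol-push-jobs-addon` by the same amount in the next hunk, is not explained in the commit message or in the policy file. An EOL add-on presumably receives no further security fixes, so a reader comparing these with the 100 now given to an EOL server release will want to know why the add-ons rank lower. A one-line comment above each `impact:` would record the intent, for example `# 80: unsupported add-on; ranked below an EOL server release`, if that is the reasoning.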