Describe the bug
Online docs for NETW-3200 are not yet implemented.

Version

• Distribution: Ubuntu 18.04
• Lynis version: 3.0.0

Expected behavior
A (minimal) description of the problem should exist and ideally a general direction on how to fix the issue.

Output

A new discovery!

Oops, looks like this control is not listed yet in the database.

Want to help 

We frequently see people asking how they can use OPA to implement authorization and IAM within their apps. There are several examples online like the chef/automate guide but it would be nice to have a first-class guide in the OPA docs for new users to easily discover.

A few things to consider:

• IAM affects more than just backend APIs. The docs should (eventually) cover how to handle other a

Hello. We currently run 2.9.4 and run into the 1000 dead agents issue and would like to upgrade to the latest version to take advantage of the -F switch to "Remove agents with duplicated IP if disconnected since seconds." (wazuh/wazuh#125)

1. How would it be possible to upgrade with zero downtime? We're on CentOS 7.x.
2. Could we just download the tar.gz file,

As a new custodian user, I'm trying to understand the usage of variables in policies. There seems to be multiple types of variables.

A non-exhaustive list for a beginner can be:

• vars in a policy yaml
• [standard runtime variables for in

It'd be helpful if there was a check for ELB and ALBs that have either no listeners or no instances in their target pool. The check is similar to an unused security group although their are more financial penalties for having idle ELB and ALBs.

Detailed Description

Update os_env documentation to state where variables should be set for controls using the os_env resource.

Context

Why is thi

Description

When we have an automatic email reports configuration and there are no alerts to be reported that day (e.g the rule or group of rules that we have configured in reports have not triggered during the day), the report will not be sent.

This is not good behavior because it can lead the user to think that the automatic reports are not working.

Let's also say that I have to sen

Hi :),

It's possible to scan with variables json or .tf file name ?

Like

{
	"region": "eu-central-1",
	"environment_id": "demo",
	"tags": {
		"EnvironmentId": "integration",
		"ApplicationName": "demo",
		"EnvironmentType": "development",
		"Project": "pepito"
	},
	"rds_instances": [
		{
			"sg_name": "test-sg",
			"kms_key_label": "kms",
			"rds_label": "rds",
			

sudo-plugin, despite its generic name, currently only supports creating IO plugins, and not policy plugins. Would you consider policy plugins to be in-scope for the crate?

PS: Many thanks for releasing sudo-pair, and making sudo-plugin available as a reusable crate.

Description of problem:

I have never written SCAP content before, and am looking at how to get started. I would like to write SCAP content to test compliance on Photon OS against DISA SRGs. I have been all over the wiki pages, but I am still not sure how to get started. The main page makes it look super easy for writing OVAL and XCCDF files using YAML, but I am not sure where to build those

Description

Running the following Command:

./scancode -clp --json-pp sample_filter_clues.json samples --filter-clues

Gives the Error:

ERROR: failed to run post-scan plugin: filter-clues:
Traceback (most recent call last):
  File "/home/ayansm/Desktop/GSoD/scancode-toolkit-versions/scancode-toolkit-3.1.1/src/scancode/cli.py", line 1033, in run_codebase_plugins
    plugin.p

OAI ensures the contents of the S3 bucket remain private and prevent people from bypassing CloudFront to access content

Checkov may need to do a multiple resource check for this… (Both the CFN Distro and backing S3 bucket)

** Question : **

I arrived here and am interested in leveraging this platform in addition to and as a compliment terratest, but I don't want to start from scratch in writing features and I can't find any reference at all in the readme to a sample library or folder of already-existing tests/features. I could copy-paste all the examples from the .md example files but that seems like more work

Description of Problem:CMake Warning (dev) at C:/devel/vcpkg/scripts/buildsystems/vcpkg.cmake:195 (_add_library):

Policy CMP0028 is not set: Double colon in target name means ALIAS or
IMPORTED target. Run "cmake --help-policy CMP0028" for policy details.
Use the cmake_policy command to set the policy and suppress this warning.

OpenSCAP Version:1.4.0

Operating Sys

Description

Customer have unique requirements for alarming, specifically with respect to log processing.

As a customer, I would like to know how to configure alarms on log processing volume.

Acceptance Criteria

• Document in operations doc page how to add alarms on log processing with examples

Please delete this issue if this is not the proper place to ask. Anyway;
I've got temporary files on disk which I need to encrypt and pass on to http client (that reads IO/streams).

Not sure how to do this right, Pass file and StringIO (as a target) to SymmetricEncryption::Writer.encrypt and then construct new StringIO object from the result?

Description

Hello,

I am trying to integrate a fossology instance with my project workflow.

What i want to do is make the task easier for the users of my app, and get the resul

The notice-pre-processor.kts file allows for customisation of the generated notice file, see https://github.com/oss-review-toolkit/ort/blob/master/docs/notice-pre-processor-kts.md.

Not all customisations seem possible, though. I would like to:

• customize the notice separator
• get rid of the separator between the different headers
• include the license name/id before the license text

Hi team,

I have noticed that the log examples found in 0610-win-ms_logs_rules.xml don't match their rules.
It is due the fields providerName and channel aren't correct.

https://github.com/wazuh/wazuh-ruleset/blob/725a0155cfde0a849729d9d174f03e1453e31242/rules/0610-win-ms_logs_rules.xml#L37-L63

To match rules 63103, 63104 and 63105, the logs must have matched before rules `60

Description

Currently add_failure takes the values required to create a failure, creates it then adds it to the Result object's failed_rules
On the other hand add_warning takes a Failure object directly.

Proposed solution

The methods should be updated so that they both have the same behavior (or maybe even just add an add_finding method which takes a type that can be either Failure o

Hi team,

In our purpose to divide the app into alerts and states, we're going to unify all the alerts into global dashboards.

To do this we're going to have to unify all the current dashboards in one place, and we should be able to switch between them, as well as switch between agent view and overview in a simple and agile way.

Dynamic display loading has already been implemented using JS

Hello folks,

I think it'd be great if every ENV VAR used in the images would be explained in the README.md, and also it can be included in the Wazuh official documentation once they're ready.

Feel free to share your thoughts on this here.

Regards