088884c731
The 'docs' tox target executes the doc8 lint test which may result in failures when testing documentation builds, but OpenStack-CI does not execute that tox target. In order to ensure that we catch all standard documentation syntax errors and prevent them from merging, this patch includes the docs target in the 'linters' chain of tests. Fixes for any failures which result from executing this test are also included in the patch. Change-Id: I80c2ce387e59a30c34bf2252a54037c00b420380
21 lines
1.0 KiB
ReStructuredText
21 lines
1.0 KiB
ReStructuredText
**Exception**
|
|
|
|
Although Ubuntu provides the ``debsums`` command for checking the contents of
|
|
files installed from packages, it cannot perform a detailed level of checking
|
|
sufficient to meet the STIG requirement. Some packages are not shipped with MD5
|
|
checksums for all files. Deployers are encouraged to use ``debsums -c``
|
|
regularly to check for alterations in as many packages as possible.
|
|
|
|
Ubuntu does not currently have a capability to check file permissions,
|
|
ownership, or group ownership against the permissions that were originally set
|
|
when the package was installed.
|
|
|
|
In CentOS, the ``rpm`` command can verify package contents, ownership, group
|
|
ownership, and permissions after the package has been installed. However, many
|
|
configuration files are changed by the security role and this will cause the
|
|
verification to fail.
|
|
|
|
Deployers should utilize the monitoring capabilities of the ``aide`` package
|
|
(which is installed by other Ansible tasks in this role) to determine which
|
|
configuration files, libraries or binaries may have been changed.
|