Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JCE does not respect existing custom ODVs and rules in "custom" folder #7

Open
homebysix opened this issue Sep 16, 2024 · 1 comment
Open

JCE does not respect existing custom ODVs and rules in "custom" folder #7

homebysix opened this issue Sep 16, 2024 · 1 comment

Comments

@homebysix
Copy link

My organization saves our desired mSCP "override default values" in the custom folder within our fork of the mSCP project. For example, we have a file at custom/rules/system_settings_screensaver_ask_for_password_delay_enforce.yaml with the following contents:

odv:
  custom: 0

We also have defined some custom rules that offer extra flexibility that allows us to apply the same baseline to multiple OS versions. For example we have a file at custom/rules/system_settings_ssh_disable.yaml with the following contents:

comment: |
  Differs from upstream mSCP check: Output changed from `true` to `disabled` a recent OS upgrade.
  This customized check treats either value as compliant.
check: |
  /bin/launchctl print-disabled system | /usr/bin/grep -Ec '"com.openssh.sshd" => (disabled|true)'

Upon launching Jamf Compliance editor and pointing it to our local clone of the mSCP project, the entire contents of the custom folder are deleted (as shown by Git staged changes). In order to restore the desired ODVs, we must click Edit, Show, and Done for each individual customized control in JCE, which is a tedious process.

I'm open to being persuaded that I'm using the custom folder incorrectly, but the mSCP project wiki seems clear:

The custom directory is used for creating tailored versions of the rules and sections files, to meet an organization’s requirements. The YAML files placed within this folder will take priority when running generate_guidance.py.

Desired enhancement: JCE should parse and apply any customized values in the custom folder, like the parent mSCP project does when running generate_guidance.py. Ideally, those custom values would already appear in the JCE UI and and further edits to those values would update the files in the custom folder.
@golbiga
Copy link
Collaborator

golbiga commented Sep 30, 2024

@homebysix This issue will be addressed in an upcoming release, however you'll have to import the rules through the GUI. This will properly create the custom files. The custom folder in JCE behaves differently.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@golbiga @homebysix