CIS uses grubby for checking rules 4.1.1.2 & 4.1.1.3, which are thus failing #160

Closed
ipruteanu-sie opened this issue Jan 26, 2024 · 0 comments · Fixed by #188
Labels
bug Something isn't working

Comments

@ipruteanu-sie (Contributor)

Describe the Issue
The following rules:

  • 4.1.1.2 Ensure auditing for processes that start prior to auditd is enabled
  • 4.1.1.3 Ensure audit_backlog_limit is sufficient

are still failing after role execution.

Expected Behavior
CIS - Pass

Actual Behavior
CIS - Fail

Control(s) Affected
4.1.1.2, 4.1.1.3

Environment (please complete the following information):

  • branch being used: [e.g. devel]
  • Ansible Version: [e.g. 2.10]
  • Host Python Version: [e.g. Python 3.7.6]
  • Ansible Server Python Version: [e.g. Python 3.7.6]
  • Additional Details:

Additional Notes

  • The current approach is the one I was also aware of some time ago: configuring the parameters in /etc/default/grub and then using the command in the grub2cfg handler (grub2-mkconfig -o /boot/grub2/grub.cfg) to generate the grub config file.

  • But what I also noticed is that, while some not-so-old hardening suggestions (RHEL8, 2021) encourage us to use both approaches (/boot/grub2/grub.cfg & grubby), the most recent ones (RHEL9, 2023) only use the grubby approach.
    CIS does the same in its nix_grubby_exist_chk.sh script.

Possible Solution
PR
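As an added example (not code from the issue, CIS, or the role), this POSIX shell script evaluates the two rules the way the grubby-based CIS check does: it reads the text of `grubby --info=ALL` and requires every boot entry's `args=` line to carry `audit=1` (4.1.1.2) and `audit_backlog_limit=N` with N >= 8192 (4.1.1.3). The sample grubby output, kernel versions and function names are constructed for the example; `grubby --info=ALL` and `--update-kernel=ALL --args=` are real grubby options.

```shell
#!/bin/sh
# Added example: check every boot entry's kernel command line via grubby
# output, which is what CIS 4.1.1.2 / 4.1.1.3 inspect (not /etc/default/grub).
# Usage on a real host: check_grubby_info "$(grubby --info=ALL)"

# Constructed sample of `grubby --info=ALL` output: entry 0 is compliant,
# entry 1 lacks audit=1 and has a too-small backlog limit.
SAMPLE_INFO='index=0
kernel="/boot/vmlinuz-5.14.0-362.el9.x86_64"
args="ro crashkernel=1G-4G:192M audit=1 audit_backlog_limit=8192"
root="/dev/mapper/rhel-root"
index=1
kernel="/boot/vmlinuz-0-rescue-0123456789abcdef"
args="ro crashkernel=1G-4G:192M audit_backlog_limit=256"
root="/dev/mapper/rhel-root"'

# check_entry_args "<kernel args>" -> 0 only if both CIS conditions hold:
# audit=1 present (4.1.1.2) and audit_backlog_limit >= 8192 (4.1.1.3).
check_entry_args() {
    args=" $1 "
    printf '%s\n' "$args" | grep -q ' audit=1 ' || return 1
    limit=$(printf '%s\n' "$args" |
        sed -n 's/.* audit_backlog_limit=\([0-9][0-9]*\) .*/\1/p')
    [ -n "$limit" ] && [ "$limit" -ge 8192 ]
}

# check_grubby_info "<grubby --info=ALL text>" -> prints PASS/FAIL per entry
# and returns the number of non-compliant entries (0 means the CIS check passes).
check_grubby_info() {
    failures=0
    idx=none
    while IFS= read -r line; do
        case $line in
            index=*) idx=${line#index=} ;;
            args=*)
                a=${line#args=}; a=${a#\"}; a=${a%\"}
                if check_entry_args "$a"; then
                    echo "entry $idx: PASS"
                else
                    echo "entry $idx: FAIL ($a)"
                    failures=$((failures + 1))
                fi ;;
        esac
    done <<EOF
$1
EOF
    return $failures
}

# Remediation for a failing entry (the grubby approach the issue points to):
#   grubby --update-kernel=ALL --args="audit=1 audit_backlog_limit=8192"
check_grubby_info "$SAMPLE_INFO"
```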
