sysctl-34 - fs.protected_regular not set #536
Comments
Hi @partha005, it seems your Linux distribution does not have this sysctl. Can you tell us what OS you are running? You can find this information in
Thanks for taking a look. It is CentOS.
I do see an entry is made in sysctl.conf, but it fails to set when I try to reload:
[root@ip-10-0-0-217 ~]# sysctl -p
Thanks
Hi @schurzi, is there a way by which we could filter out settings related to a different distribution being tested in Inspec?
So I did check in an Ubuntu instance, and this parameter is present there.
$ sysctl -a | grep -i protected
This will get a bit more complicated. As per my tests CentOS8 supports all these sysctls. So we would need to match the supported options to the respective distros. I can take a look into this, but this will take some time.
This should be easy. See:
Thanks @schurzi. We have excluded sysctl-34 from being checked, for the time being. Also, this I believe is the original commit to the kernel, if that helps in some way: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=30aba6656f61ed44cba445a3c0d38b296fa9e8f5 Thanks!
Hello!
My playbook is stating fs.protected_regular setting is changed, but it doesn't actually reflect in the system:
ok: [localhost] => (item={u'key': u'net.ipv4.conf.all.arp_announce', u'value': 2})
ok: [localhost] => (item={u'key': u'net.ipv4.conf.all.rp_filter', u'value': 1})
changed: [localhost] => (item={u'key': u'fs.protected_regular', u'value': 2}) <<<<<
ok: [localhost] => (item={u'key': u'net.ipv4.conf.default.send_redirects', u'value': 0})
ok: [localhost] => (item={u'key': u'net.ipv4.conf.all.accept_redirects', u'value': 0})
not actually set:
[root@ip-10-0-0-24 roles]# sysctl -n fs.protected_hardlinks fs.protected_regular
1
sysctl: cannot stat /proc/sys/fs/protected_regular: No such file or directory
[root@ip-10-0-0-24 roles]# sysctl -a | egrep -i "fs.protected_hardlinks|fs.protected_regular"
fs.protected_hardlinks = 1
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.eth0.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
[root@ip-10-0-0-24 roles]#
Please refer to: https://github.com/dev-sec/ansible-collection-hardening/pull/494/files
Could you please check, or is it possible that the issue is only happening in my system?
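
A pre-flight check for the situation reported here, where a play reports `changed` for a key the running kernel does not expose. This is an added example, not code from the thread or from the collection; `SYSCTL_ROOT` and the function names are hypothetical, and keys are assumed to use dots only as separators.

```shell
#!/bin/sh
# Added example: split desired sysctl settings into those the running kernel
# exposes under /proc/sys and those it does not, before anything is applied.
# SYSCTL_ROOT is a hypothetical override so the check can run on a test tree.

# sysctl_path KEY: print the file that backs KEY (dots become slashes).
sysctl_path() {
    printf '%s/%s\n' "${SYSCTL_ROOT:-/proc/sys}" "$(printf '%s' "$1" | tr '.' '/')"
}

# sysctl_supported KEY: succeed only if the kernel exposes KEY.
sysctl_supported() {
    [ -e "$(sysctl_path "$1")" ]
}

# filter_settings: read "key = value" lines on stdin (sysctl.conf style) and
# print one verdict per setting. Blank lines and "#" comments are ignored.
filter_settings() {
    while IFS='=' read -r key value; do
        key=$(printf '%s' "$key" | tr -d ' \t')
        value=$(printf '%s' "$value" | tr -d ' \t')   # enough for integer values
        case "$key" in
            ''|'#'*) continue ;;
        esac
        if sysctl_supported "$key"; then
            echo "apply $key=$value"
        else
            echo "skip $key (no such key on this kernel)"
        fi
    done
}

# Constructed sample input: the two keys compared in the issue, checked
# against the kernel this script runs on.
printf 'fs.protected_hardlinks = 1\nfs.protected_regular = 2\n' | filter_settings
```

Feeding only the `apply` lines to the sysctl task, and reporting the `skip` lines, keeps an unsupported key from being written to sysctl.conf and later failing on `sysctl -p`.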