Update few sysctl rules to accept multiple compliant values #9286
Commits on Aug 3, 2022
-
Make rule sysctl ipv4 rp_filter accept two values
This also removes value '0' from the list of possible configurations. This change aligns the rule better with STIG.
-
Make rule for kptr_restrict accept two values
This also removes value '0' from the list of possible configurations. This change aligns the rule better with STIG.
-
Remove variable selector that will result in error
The rule only accepts values 1 or 2 as compliant, the XCCDF Variable cannot have the value 0, it will never result in pass.
-
Restrict sysctl multivalue compliance to rhel and ol
For now, the only STIGs I see that adopted this change were RHEL's and OL's.
-
Update OCIL check along with the rule
The OCIL should should mention both compliant values.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.