When enabling ufw some sysctl settings get overridden causing CIS failures #28

Closed
jrbeilke opened this issue Apr 9, 2021 · 0 comments · Fixed by #34

jrbeilke commented Apr 9, 2021

When ufw is enabled, it includes its own sysctl settings, which override some of the settings needed for the CIS benchmark, i.e.:

  • log_martians for SCORED | 3.2.4 | PATCH | Ensure suspicious packets are logged

https://serverfault.com/questions/745995/enabling-ufw-disables-some-of-the-settings-in-sysctl-conf

If ufw is enabled, then it seems the Ansible role will also need to update any relevant sysctl settings in /etc/ufw/sysctl.conf.

georgenalen added a commit that referenced this issue Apr 14, 2021
Signed-off-by: George Nalen <georgen@mindpointgroup.com>
georgenalen added a commit that referenced this issue Apr 14, 2021
fix for issue #28
Signed-off-by: George Nalen <georgen@mindpointgroup.com>
georgenalen linked a pull request Apr 14, 2021 that will close this issue
uk-bolly pushed a commit that referenced this issue Sep 20, 2023
Signed-off-by: George Nalen <georgen@mindpointgroup.com>
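
An added example, not code from the role or from the linked pull request: a POSIX shell check that reads a file in the slash-separated key format of /etc/ufw/sysctl.conf and reports each key whose value differs from what the benchmark check expects. The function name, the sample file, and the expectation that both the `all` and `default` log_martians keys must be 1 are assumptions of this example.

```shell
#!/bin/sh
# Added example: find benchmark-relevant keys that a ufw-style sysctl file
# sets to a different value than the hardening baseline expects.

# Assumed expected values for the control named in the issue (log_martians).
REQUIRED='net.ipv4.conf.all.log_martians=1 net.ipv4.conf.default.log_martians=1'

# ufw_sysctl_conflicts FILE
# Prints "key: file=<v> expected=<v>" per conflict; returns 1 if any was found.
ufw_sysctl_conflicts() {
    awk -v required="$REQUIRED" '
        BEGIN {
            n = split(required, req, " ")
            for (i = 1; i <= n; i++) {
                split(req[i], kv, "=")
                want[kv[1]] = kv[2]
            }
        }
        /^[ \t]*(#|;|$)/ { next }            # skip comments and blank lines
        {
            line = $0
            gsub(/[ \t]/, "", line)          # allow spaces around "="
            eq = index(line, "=")
            if (eq == 0) next
            key = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            gsub(/\//, ".", key)             # net/ipv4/... -> net.ipv4...
            if (key in want) seen[key] = val # last assignment in the file wins
        }
        END {
            bad = 0
            for (k in seen) if (seen[k] != want[k]) {
                printf "%s: file=%s expected=%s\n", k, seen[k], want[k]
                bad = 1
            }
            exit bad
        }
    ' "$1"
}

# Constructed sample in ufw's slash notation (not copied from a real host).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed sample
net/ipv4/conf/all/log_martians=0
net/ipv4/conf/default/log_martians=1
net/ipv4/tcp_syncookies=1
EOF
ufw_sysctl_conflicts "$SAMPLE" || echo "conflicting values in $SAMPLE"
```

On a host, point the function at /etc/ufw/sysctl.conf after ufw has been enabled; the slash-to-dot conversion assumes no dots in interface names, which holds for the `all` and `default` keys checked here.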