Hello!
Please refer to the issue reported with ansible-collection-hardening: dev-sec/ansible-collection-hardening#536
From the above note it can be understood that the kernel parameter fs.protected_regular is Ubuntu specific.
But InSpec is checking for this parameter (control sysctl-34) in our CentOS instance, and failing:
```
11:15:03 CentOS 7: × sysctl-34: Ensure links are protected (1 failed)
11:15:03 CentOS 7: ✔ Kernel Parameter fs.protected_fifos value is expected to match (cmp nil)
11:15:03 CentOS 7: ✔ Kernel Parameter fs.protected_hardlinks value is expected to eq 1
11:15:03 CentOS 7: × Kernel Parameter fs.protected_regular value is expected to eq 2
11:15:03 CentOS 7:
11:15:03 CentOS 7: expected: 2
11:15:03 CentOS 7: got: nil
11:15:03 CentOS 7:
11:15:03 CentOS 7: (compared using ==)
```
See: https://github.com/dev-sec/linux-baseline/pull/160/files
I believe the fs.protected_regular parameter must be excluded from centos/redhat distros.
Could you take a look, please? This is breaking one of our image build pipelines.
@rndmh3ro @schurzi @chris-rock
Thank you!
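
Added example, not part of the issue and not the linux-baseline project's code: a plain-Ruby check that reports a sysctl with no readable value (the `got: nil` case in the log above) as `:unsupported` instead of folding it into `:fail`, so a hardening scan can tell a missing kernel feature apart from a weak setting. The names `EXPECTED`, `read_sysctl`, `evaluate` and `constructed_tree` are hypothetical, and the sysctl tree is a constructed temporary directory rather than a real `/proc/sys`.

```ruby
require "tmpdir"
require "fileutils"

# Expected values copied from the log above; the constant name is hypothetical.
EXPECTED = { "fs.protected_hardlinks" => 1, "fs.protected_regular" => 2 }.freeze

# Returns the sysctl value as a string, or nil when the tree has no such entry.
def read_sysctl(name, root = "/proc/sys")
  path = File.join(root, *name.split("."))
  File.file?(path) ? File.read(path).strip : nil
end

# Classifies each parameter as :pass, :fail or :unsupported (no entry to read).
def evaluate(expected, root = "/proc/sys")
  expected.to_h do |name, want|
    got = read_sysctl(name, root)
    status = if got.nil? then :unsupported
             elsif got == want.to_s then :pass
             else :fail
             end
    [name, { status: status, expected: want, got: got }]
  end
end

# Builds a throwaway procfs-like directory from constructed sample values.
def constructed_tree(values)
  root = Dir.mktmpdir("sysctl-demo")
  values.each do |name, value|
    path = File.join(root, *name.split("."))
    FileUtils.mkdir_p(File.dirname(path))
    File.write(path, "#{value}\n")
  end
  root
end

if __FILE__ == $PROGRAM_NAME
  # Constructed host: hardlink protection set, fs.protected_regular not present.
  root = constructed_tree("fs.protected_hardlinks" => 1)
  evaluate(EXPECTED, root).each do |name, r|
    puts format("%-24s %-12s expected=%s got=%s",
                name, r[:status], r[:expected], r[:got].inspect)
  end
  FileUtils.remove_entry(root)
end
```

Keeping `:unsupported` as its own result, rather than a silent pass, leaves the gap visible in the scan report for hosts whose kernel lacks the protection.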