Project

General

Profile

Actions

Bug #20853

closed

sysctl value generic method is not reporting

Added by Nicolas CHARLES almost 3 years ago. Updated 8 months ago.

Status:
Released
Priority:
1 (highest)
Category:
Web - Technique editor
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
Checked
Regression:
No

Description

setting vm.swappiness = 10 with Max option on a system that has already 0 enforce results in:
  • First run: an error
  • Next runs: no reports

file 99_rudder.conf is created

Actions #1

Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 7.0.2 to 7.0.3
Actions #2

Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 7.0.3 to 7.0.4
Actions #3

Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 7.0.4 to 7.0.5
Actions #4

Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 7.0.5 to 7.0.6
Actions #5

Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 7.0.6 to 7.0.7
Actions #6

Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 7.0.7 to 7.0.8
Actions #7

Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 7.0.8 to 1002
Actions #8

Updated by Vincent MEMBRÉ about 2 years ago

  • Target version changed from 1002 to 7.1.7
Actions #9

Updated by Vincent MEMBRÉ about 2 years ago

  • Target version changed from 7.1.7 to 7.1.8
Actions #10

Updated by Vincent MEMBRÉ about 2 years ago

  • Target version changed from 7.1.8 to 7.1.9
Actions #11

Updated by Vincent MEMBRÉ about 2 years ago

  • Target version changed from 7.1.9 to 7.1.10
Actions #12

Updated by Vincent MEMBRÉ almost 2 years ago

  • Target version changed from 7.1.10 to 1016
Actions #13

Updated by Alexis Mousset almost 2 years ago

  • Target version changed from 1016 to 7.2.5
Actions #14

Updated by Vincent MEMBRÉ almost 2 years ago

  • Target version changed from 7.2.5 to 7.2.6
Actions #15

Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 7.2.6 to 7.2.7
Actions #16

Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 7.2.7 to 7.2.8
Actions #17

Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 7.2.8 to 7.2.9
Actions #18

Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 7.2.9 to 7.2.10
Actions #19

Updated by Alexis Mousset over 1 year ago

  • Target version changed from 7.2.10 to 7.2.11
Actions #20

Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 7.2.11 to 1046
Actions #21

Updated by Alexis Mousset about 1 year ago

  • Target version changed from 1046 to 7.3.8
Actions #22

Updated by Vincent MEMBRÉ about 1 year ago

  • Target version changed from 7.3.8 to 7.3.9
Actions #23

Updated by Vincent MEMBRÉ about 1 year ago

  • Target version changed from 7.3.9 to 7.3.10
Actions #24

Updated by Vincent MEMBRÉ about 1 year ago

  • Target version changed from 7.3.10 to 7.3.11
Actions #25

Updated by Vincent MEMBRÉ 11 months ago

  • Target version changed from 7.3.11 to 7.3.12
Actions #26

Updated by Vincent MEMBRÉ 10 months ago

  • Target version changed from 7.3.12 to 7.3.13
Actions #27

Updated by Vincent MEMBRÉ 10 months ago

  • Target version changed from 7.3.13 to 7.3.14
Actions #28

Updated by Nicolas CHARLES 10 months ago

  • Priority changed from N/A to 1 (highest)
  • Regression set to No

Error still exists if entry exist in file 99rudder.conf, and we set a value with sysctl -w
the method does what is expected, but only reports logs

R: @@technique_id@@log_info@@rule_id@@directive_id@@4330cbac-36e1-4d62-9c2a-d2a2a99b9393@@1.5.2 - Ensure address space layout randomization (ASLR) is enabled@@kernel.randomize_va_space@@2024-03-11 15:04:03+00:00##fb264042-a1b8-4770-b090-a398ea6fbbc3@#Set the string sysctl_var.getkernel_randomize_va_space to the output of '/sbin/sysctl -n kernel.randomize_va_space # Get value (expect 2, option default)' was correct
R: The '/sbin/sysctl -n kernel.randomize_va_space # Get value (expect 2, option default)' command returned '0'
R: @@technique_id@@log_info@@rule_id@@directive_id@@4330cbac-36e1-4d62-9c2a-d2a2a99b9393@@1.5.2 - Ensure address space layout randomization (ASLR) is enabled@@kernel.randomize_va_space@@2024-03-11 15:04:03+00:00##fb264042-a1b8-4770-b090-a398ea6fbbc3@#Ensure line in format key=value in /etc/sysctl.d/99rudder.conf was correct
R: @@technique_id@@log_info@@rule_id@@directive_id@@4330cbac-36e1-4d62-9c2a-d2a2a99b9393@@1.5.2 - Ensure address space layout randomization (ASLR) is enabled@@kernel.randomize_va_space@@2024-03-11 15:04:03+00:00##fb264042-a1b8-4770-b090-a398ea6fbbc3@#Ensure line in format key=value in /etc/sysctl.d/99rudder.conf was correct
    info: Executing 'no timeout' ... '/sbin/sysctl --system  # Reload value kernel.randomize_va_space (expect 2, option default)'
  notice: Q: "...bin/sysctl --sy": * Applying /etc/sysctl.d/10-console-messages.conf ...
Q: "...bin/sysctl --sy": kernel.printk = 4 4 1 7
Q: "...bin/sysctl --sy": * Applying /etc/sysctl.d/10-ipv6-privacy.conf ...
Q: "...bin/sysctl --sy": net.ipv6.conf.all.use_tempaddr = 2
Q: "...bin/sysctl --sy": net.ipv6.conf.default.use_tempaddr = 2
Q: "...bin/sysctl --sy": * Applying /etc/sysctl.d/10-kernel-hardening.conf ...
Q: "...bin/sysctl --sy": kernel.kptr_restrict = 1
Q: "...bin/sysctl --sy": * Applying /etc/sysctl.d/10-link-restrictions.conf ...
Q: "...bin/sysctl --sy": fs.protected_hardlinks = 1
Q: "...bin/sysctl --sy": fs.protected_symlinks = 1
Q: "...bin/sysctl --sy": * Applying /etc/sysctl.d/10-magic-sysrq.conf ...
Q: "...bin/sysctl --sy": kernel.sysrq = 176
Q: "...bin/sysctl --sy": * Applying /etc/sysctl.d/10-network-security.conf ...
Q: "...bin/sysctl --sy": net.ipv4.conf.default.rp_filter = 2
Q: "...bin/sysctl --sy": net.ipv4.conf.all.rp_filter = 2
Q: "...bin/sysctl --sy": * Applying /etc/sysctl.d/10-ptrace.conf ...
Q: "...bin/sysctl --sy": kernel.yama.ptrace_scope = 1
Q: "...bin/sysctl --sy": * Applying /etc/sysctl.d/10-zeropage.conf ...
Q: "...bin/sysctl --sy": vm.mmap_min_addr = 65536
Q: "...bin/sysctl --sy": * Applying /etc/sysctl.d/30-postgresql-shm.conf ...
Q: "...bin/sysctl --sy": * Applying /usr/lib/sysctl.d/50-default.conf ...
Q: "...bin/sysctl --sy": net.ipv4.conf.default.promote_secondaries = 1
Q: "...bin/sysctl --sy": sysctl: setting key "net.ipv4.conf.all.promote_secondaries": Invalid argument
Q: "...bin/sysctl --sy": net.ipv4.ping_group_range = 0 2147483647
Q: "...bin/sysctl --sy": net.core.default_qdisc = fq_codel
Q: "...bin/sysctl --sy": fs.protected_regular = 1
Q: "...bin/sysctl --sy": fs.protected_fifos = 1
Q: "...bin/sysctl --sy": * Applying /usr/lib/sysctl.d/50-pid-max.conf ...
Q: "...bin/sysctl --sy": kernel.pid_max = 4194304
Q: "...bin/sysctl --sy": * Applying /etc/sysctl.d/99-sysctl.conf ...
Q: "...bin/sysctl --sy": * Applying /etc/sysctl.d/99rudder.conf ...
Q: "...bin/sysctl --sy": kernel.randomize_va_space = 2
Q: "...bin/sysctl --sy": * Applying /usr/lib/sysctl.d/protect-links.conf ...
Q: "...bin/sysctl --sy": fs.protected_fifos = 1
Q: "...bin/sysctl --sy": fs.protected_hardlinks = 1
Q: "...bin/sysctl --sy": fs.protected_regular = 2
Q: "...bin/sysctl --sy": fs.protected_symlinks = 1
Q: "...bin/sysctl --sy": * Applying /etc/sysctl.conf ...
    info: Last 38 quoted lines were generated by promiser '/sbin/sysctl --system  # Reload value kernel.randomize_va_space (expect 2, option default)'
    info: Completed execution of '/sbin/sysctl --system  # Reload value kernel.randomize_va_space (expect 2, option default)'
R: @@technique_id@@log_repaired@@rule_id@@directive_id@@4330cbac-36e1-4d62-9c2a-d2a2a99b9393@@1.5.2 - Ensure address space layout randomization (ASLR) is enabled@@kernel.randomize_va_space@@2024-03-11 15:04:03+00:00##fb264042-a1b8-4770-b090-a398ea6fbbc3@#Execute command /sbin/sysctl --system  # Reload value kernel.randomize_va_space (expect 2, option default) was repaired
R: @@technique_id@@log_info@@rule_id@@directive_id@@4330cbac-36e1-4d62-9c2a-d2a2a99b9393@@1.5.2 - Ensure address space layout randomization (ASLR) is enabled@@kernel.randomize_va_space@@2024-03-11 15:04:03+00:00##fb264042-a1b8-4770-b090-a398ea6fbbc3@#Set the string sysctl_var.checkkernel_randomize_va_space to the output of '/sbin/sysctl -n kernel.randomize_va_space # Check value (expect 2, option default)' was correct

Actions #29

Updated by Nicolas CHARLES 10 months ago

  • Status changed from New to In progress
  • Assignee set to Nicolas CHARLES
Actions #30

Updated by Nicolas CHARLES 10 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to Félix DALLIDET
  • Pull Request set to https://github.com/Normation/ncf/pull/1418
Actions #31

Updated by Anonymous 10 months ago

  • Status changed from Pending technical review to Pending release
Actions #32

Updated by Félix DALLIDET 9 months ago

  • Fix check changed from To do to Checked
Actions #33

Updated by Vincent MEMBRÉ 8 months ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 7.3.14, 8.0.8 and 8.1.1 which were released today.

Actions

Also available in: Atom PDF