Bug #20853

closed

sysctl value generic method is not reporting

Added by Nicolas CHARLES about 3 years ago. Updated about 1 year ago.

Status:
Released
Priority:
1 (highest)
Category:
Web - Technique editor
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
Checked
Regression:
No

Description

Setting vm.swappiness = 10 with the Max option on a system that already has 0 enforced results in:
  • First run: an error
  • Next runs: no reports

File 99_rudder.conf is created.

Actions #28

Updated by Nicolas CHARLES about 1 year ago

  • Priority changed from N/A to 1 (highest)
  • Regression set to No

The error still exists if the entry exists in file 99rudder.conf and we set a value with sysctl -w:
the method does what is expected, but only reports logs.

R: @@technique_id@@log_info@@rule_id@@directive_id@@4330cbac-36e1-4d62-9c2a-d2a2a99b9393@@1.5.2 - Ensure address space layout randomization (ASLR) is enabled@@kernel.randomize_va_space@@2024-03-11 15:04:03+00:00##fb264042-a1b8-4770-b090-a398ea6fbbc3@#Set the string sysctl_var.getkernel_randomize_va_space to the output of '/sbin/sysctl -n kernel.randomize_va_space # Get value (expect 2, option default)' was correct
R: The '/sbin/sysctl -n kernel.randomize_va_space # Get value (expect 2, option default)' command returned '0'
R: @@technique_id@@log_info@@rule_id@@directive_id@@4330cbac-36e1-4d62-9c2a-d2a2a99b9393@@1.5.2 - Ensure address space layout randomization (ASLR) is enabled@@kernel.randomize_va_space@@2024-03-11 15:04:03+00:00##fb264042-a1b8-4770-b090-a398ea6fbbc3@#Ensure line in format key=value in /etc/sysctl.d/99rudder.conf was correct
R: @@technique_id@@log_info@@rule_id@@directive_id@@4330cbac-36e1-4d62-9c2a-d2a2a99b9393@@1.5.2 - Ensure address space layout randomization (ASLR) is enabled@@kernel.randomize_va_space@@2024-03-11 15:04:03+00:00##fb264042-a1b8-4770-b090-a398ea6fbbc3@#Ensure line in format key=value in /etc/sysctl.d/99rudder.conf was correct
    info: Executing 'no timeout' ... '/sbin/sysctl --system  # Reload value kernel.randomize_va_space (expect 2, option default)'
  notice: Q: "...bin/sysctl --sy": * Applying /etc/sysctl.d/10-console-messages.conf ...
Q: "...bin/sysctl --sy": kernel.printk = 4 4 1 7
Q: "...bin/sysctl --sy": * Applying /etc/sysctl.d/10-ipv6-privacy.conf ...
Q: "...bin/sysctl --sy": net.ipv6.conf.all.use_tempaddr = 2
Q: "...bin/sysctl --sy": net.ipv6.conf.default.use_tempaddr = 2
Q: "...bin/sysctl --sy": * Applying /etc/sysctl.d/10-kernel-hardening.conf ...
Q: "...bin/sysctl --sy": kernel.kptr_restrict = 1
Q: "...bin/sysctl --sy": * Applying /etc/sysctl.d/10-link-restrictions.conf ...
Q: "...bin/sysctl --sy": fs.protected_hardlinks = 1
Q: "...bin/sysctl --sy": fs.protected_symlinks = 1
Q: "...bin/sysctl --sy": * Applying /etc/sysctl.d/10-magic-sysrq.conf ...
Q: "...bin/sysctl --sy": kernel.sysrq = 176
Q: "...bin/sysctl --sy": * Applying /etc/sysctl.d/10-network-security.conf ...
Q: "...bin/sysctl --sy": net.ipv4.conf.default.rp_filter = 2
Q: "...bin/sysctl --sy": net.ipv4.conf.all.rp_filter = 2
Q: "...bin/sysctl --sy": * Applying /etc/sysctl.d/10-ptrace.conf ...
Q: "...bin/sysctl --sy": kernel.yama.ptrace_scope = 1
Q: "...bin/sysctl --sy": * Applying /etc/sysctl.d/10-zeropage.conf ...
Q: "...bin/sysctl --sy": vm.mmap_min_addr = 65536
Q: "...bin/sysctl --sy": * Applying /etc/sysctl.d/30-postgresql-shm.conf ...
Q: "...bin/sysctl --sy": * Applying /usr/lib/sysctl.d/50-default.conf ...
Q: "...bin/sysctl --sy": net.ipv4.conf.default.promote_secondaries = 1
Q: "...bin/sysctl --sy": sysctl: setting key "net.ipv4.conf.all.promote_secondaries": Invalid argument
Q: "...bin/sysctl --sy": net.ipv4.ping_group_range = 0 2147483647
Q: "...bin/sysctl --sy": net.core.default_qdisc = fq_codel
Q: "...bin/sysctl --sy": fs.protected_regular = 1
Q: "...bin/sysctl --sy": fs.protected_fifos = 1
Q: "...bin/sysctl --sy": * Applying /usr/lib/sysctl.d/50-pid-max.conf ...
Q: "...bin/sysctl --sy": kernel.pid_max = 4194304
Q: "...bin/sysctl --sy": * Applying /etc/sysctl.d/99-sysctl.conf ...
Q: "...bin/sysctl --sy": * Applying /etc/sysctl.d/99rudder.conf ...
Q: "...bin/sysctl --sy": kernel.randomize_va_space = 2
Q: "...bin/sysctl --sy": * Applying /usr/lib/sysctl.d/protect-links.conf ...
Q: "...bin/sysctl --sy": fs.protected_fifos = 1
Q: "...bin/sysctl --sy": fs.protected_hardlinks = 1
Q: "...bin/sysctl --sy": fs.protected_regular = 2
Q: "...bin/sysctl --sy": fs.protected_symlinks = 1
Q: "...bin/sysctl --sy": * Applying /etc/sysctl.conf ...
    info: Last 38 quoted lines were generated by promiser '/sbin/sysctl --system  # Reload value kernel.randomize_va_space (expect 2, option default)'
    info: Completed execution of '/sbin/sysctl --system  # Reload value kernel.randomize_va_space (expect 2, option default)'
R: @@technique_id@@log_repaired@@rule_id@@directive_id@@4330cbac-36e1-4d62-9c2a-d2a2a99b9393@@1.5.2 - Ensure address space layout randomization (ASLR) is enabled@@kernel.randomize_va_space@@2024-03-11 15:04:03+00:00##fb264042-a1b8-4770-b090-a398ea6fbbc3@#Execute command /sbin/sysctl --system  # Reload value kernel.randomize_va_space (expect 2, option default) was repaired
R: @@technique_id@@log_info@@rule_id@@directive_id@@4330cbac-36e1-4d62-9c2a-d2a2a99b9393@@1.5.2 - Ensure address space layout randomization (ASLR) is enabled@@kernel.randomize_va_space@@2024-03-11 15:04:03+00:00##fb264042-a1b8-4770-b090-a398ea6fbbc3@#Set the string sysctl_var.checkkernel_randomize_va_space to the output of '/sbin/sysctl -n kernel.randomize_va_space # Check value (expect 2, option default)' was correct
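
The reporting problem above (the file already holds the line, the live value was changed with sysctl -w, so the reload repairs but only log lines come out) is easier to see when the outcome is derived from the live value before and after the change rather than from whether the file was edited. The following is an added example and is not code from the ncf/Rudder method; it assumes that "default" means the exact value, "min" means the live value must be at least the target and "max" means at most, that sysctl_enforce runs as root with GNU sed, and that /etc/sysctl.d/99rudder.conf is the managed file as in the log.

```shell
#!/bin/sh
# Added example, not ncf/Rudder code. Outcome is computed from the live
# kernel value, so a drift set with "sysctl -w" is still reported as repaired
# even when the key=value line in the conf file was already present.

# sysctl_compliant CURRENT TARGET OPTION -> exit 0 if CURRENT satisfies TARGET.
# OPTION: default (exact), min (CURRENT >= TARGET), max (CURRENT <= TARGET).
# ASSUMPTION: min/max semantics are stated here, not taken from the page.
sysctl_compliant() {
  cur=$1; want=$2; opt=${3:-default}
  case "$opt" in
    default) [ "$cur" = "$want" ] ;;
    min)     [ "$cur" -ge "$want" ] 2>/dev/null ;;   # non-numeric -> not compliant
    max)     [ "$cur" -le "$want" ] 2>/dev/null ;;
    *)       return 2 ;;                             # unknown option -> error
  esac
}

# sysctl_outcome BEFORE AFTER TARGET OPTION -> prints compliant|repaired|error
sysctl_outcome() {
  before=$1; after=$2; want=$3; opt=$4
  if sysctl_compliant "$before" "$want" "$opt"; then
    echo compliant
  elif sysctl_compliant "$after" "$want" "$opt"; then
    echo repaired
  else
    echo error
  fi
}

# sysctl_enforce KEY TARGET [OPTION] [CONF]: same steps as in the log above
# (read value, ensure key = value line, sysctl --system, re-read value).
# Needs root and a live kernel, so the test below only exercises the pure parts.
sysctl_enforce() {
  key=$1; want=$2; opt=${3:-default}; conf=${4:-/etc/sysctl.d/99rudder.conf}
  before=$(/sbin/sysctl -n "$key" 2>/dev/null) || { echo error; return 1; }
  if ! sysctl_compliant "$before" "$want" "$opt"; then
    if grep -q "^$key *=" "$conf" 2>/dev/null; then
      sed -i "s|^$key *=.*|$key = $want|" "$conf"   # replace existing line (GNU sed -i)
    else
      printf '%s = %s\n' "$key" "$want" >> "$conf"   # append new line
    fi
    /sbin/sysctl --system >/dev/null 2>&1            # reload all sysctl.d files
  fi
  after=$(/sbin/sysctl -n "$key" 2>/dev/null)
  sysctl_outcome "$before" "$after" "$want" "$opt"
}
```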

Actions #30

Updated by Nicolas CHARLES about 1 year ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to Félix DALLIDET
  • Pull Request set to https://github.com/Normation/ncf/pull/1418

Actions #31

Updated by Anonymous about 1 year ago

  • Status changed from Pending technical review to Pending release

Actions #33

Updated by Vincent MEMBRÉ about 1 year ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 7.3.14, 8.0.8 and 8.1.1, which were released today.