Closed ssarkar9 closed 7 months ago
@ssarkar9 : my checks are looking good as per CIS standard after hardening the instance using this repo. Can you please elaborate when you say your checks are failing? What settings are you referring to:
audit=1
audit_backlog_limit=8192
enabled
I assume AL2023 uses GRUB_CMDLINE_LINUX_DEFAULT and not GRUB_CMDLINE_LINUX. So I am not sure what we should modify in this repo.
hi @ssarkar9 and @ashfaqsharif
Just following up on this thread, could we have a little more clarity on what you are seeing, what you are expecting and what is failing so that we may follow this up.
Many thanks
uk-bolly
Please close. This is actually fine. I ran a STIG and then Ansible lockdown. I switched the order where lock down was run first and then STIG. STIG was causing issue. This can be closed
Describe the Issue GRUB_CMDLINE_LINUX="audit=1 audit_backlog_limit=8192 pti=on page_poison=1 vsyscall=none" is a sample line.
Expected Behavior Audit for the process prior to start of auditd should pass.
Actual Behavior This is actually showing up as failed.
Control(s) Affected What controls are being affected by the issue CIS 5.2.1.2
Environment (please complete the following information):
Additional Notes Anything additional goes here
Possible Solution Use GRUB_CMDLINE_LINUX instead of GRUB_CMDLINE_LINUX_Default