4.1.1.2 and 4.1.1.3 Do not accurately determine the current state of the Kernel audit and audit backlog limits. As such they always trigger, spoiling idempotency.
Issue Fixes:
Fixes #187: Idempotent and other issues in 4.1.1.2 and 4.1.1.3
Fixes #160
Enhancements:
None other than the fixes identified
How has this been tested?:
Tested against a minimally configured Alma Linux 9 VM.
audit task 4.1.1.2
Ran numerous combinations of 1 and 0 and Off (in various case upper/lower/mixed)
Correctly identified when it needed to run and when not
Ran against a single kernel, so a single response from grubby
Correctly identified when it needed to run and when not
Ran against multiple kernels, so an array response from grubby
Correctly identified when it needed to run and when not
Ran test against none of the kernels having the arg set
Correctly identified that it needed to run
Repeated runs do not trigger grubby to update
Correctly identified that it did not need to run
audit backlog limit task 4.1.1.3
Ran numerous combinations of different elements in the array being below the target
Correctly identified when it needed to run and when not
Ran against a single kernel, so a single response from grubby
Correctly identified when it needed to run and when not
Ran against multiple kernels, so an array response from grubby
Correctly identified when it needed to run and when not
Ran test against none of the kernels having the arg set
Overall Review
4.1.1.2 and 4.1.1.3 Do not accurately determine the current state of the Kernel audit and audit backlog limits. As such they always trigger, spoiling idempotency.
Issue Fixes:
Fixes #187: Idempotent and other issues in 4.1.1.2 and 4.1.1.3
Fixes #160
Enhancements:
None other than the fixes identified
How has this been tested?:
Tested against a minimally configured Alma Linux 9 VM.
audit task 4.1.1.2
audit backlog limit task 4.1.1.3