3.3.7 Ensure Reverse Path Filtering is enabled

Describe the Issue CIS-CAT assessment reports failure.

Expected Behavior Assessment pass.

Actual Behavior FAIL

Reason(s) for audit failure:
"net.ipv4.conf.default.rp_filter" is set incorrectly in "/usr/lib/sysctl.d/50-default.conf /lib/sysctl.d/50-default.conf"`

Control(s) Affected 3.3.7 Ensure Reverse Path Filtering is enabled

Environment:

branch being used: devel
Ansible Version: 2.15.4
Host Python Version: 3.9.6
Ansible Server Python Version: 3.9.16
Additional Details: N/A

Possible Solution

- name: POST | Update usr sysctl
  ansible.builtin.lineinfile:
      dest: /usr/lib/sysctl.d/50-default.conf
      regexp: "{{ item.regexp }}"
      line: "{{ item.line }}"
  loop:
      - { regexp: '^net.ipv4.conf.default.rp_filter', line: 'net.ipv4.conf.default.rp_filter = 1' }
      - { regexp: '^net.ipv4.conf.*.rp_filter', line: 'net.ipv4.conf.*.rp_filter = 1' }
  when:
      - rhel9cis_sysctl_update
      - not system_is_container
      - "'procps-ng' in ansible_facts.packages"

ansible-lockdown / UBUNTU22-CIS

3.3.7 Ensure Reverse Path Filtering is enabled #158