dev-sec / puppet-os-hardening

This puppet module provides numerous security-related configurations, providing all-round base protection.
http://dev-sec.io/
Apache License 2.0

let os_hardening::sysctl make decisions about system_environment #276

Open michaelw opened 3 years ago

michaelw commented 3 years ago

This disables a few sysctls that do not apply in LXC and docker environments, without affecting the rest.

mcgege commented 3 years ago

@michaelw Well, for me it looks like you have changed the logic that way: If $enable_sysctl_config is true (which is the default) then the class os_hardening::sysctl is always applied, independent of the environment. That means that most of the sysctl settings are also set in container environments, and only a few are skipped.

I don't think that's the way it should be ...