dev-sec / puppet-os-hardening

This puppet module provides numerous security-related configurations, providing all-round base protection.
http://dev-sec.io/
Apache License 2.0

sysctl changes are not permanent #308

Closed iscb1962 closed 1 year ago

iscb1962 commented 1 year ago

Describe the bug

The sysctl module within os_hardening does not supply true to the permanent option to the sysctl calls - which means that on reboot many of the settings are lost until puppet updates them again.

Expected behavior

sysctl calls should ensure that the changes are permanent (i.e. stored within the sysctl.conf file).

Actual behavior

sysctl calls only impact on the running kernel (i.e. values are not stored within the sysctl.conf file).

Example code

Run the os_hardening module - it will change sysctl values - no entries will be made to sysctl.conf.

OS / Environment

RHEL / Rocky 9

Puppet Version

7.25.0

iscb1962 commented 1 year ago

It turns out that the sysctl function in our puppet environment was being picked up from the wrong provider - apologies. All works as expected now that is removed.
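
The symptom reported in this thread (values set in the running kernel but absent from sysctl.conf) can be checked directly on a host. The following is an added example, not part of the original thread or the module's code: it parses sysctl.conf-style text and labels each expected key as `ok`, `runtime-only` (would be lost on reboot), `persisted-only` or `unset`. The function names, the expected keys and values, and the sample data are constructed for illustration.

```python
import os

def parse_sysctl_conf(text):
    """Parse sysctl.conf(5) syntax into {key: value}; later lines override earlier ones."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        key, sep, value = line.partition("=")
        if not sep:                           # not a "key = value" line
            continue
        key = key.strip().lstrip("-").strip() # leading '-' means "ignore errors when setting"
        settings[key] = " ".join(value.split())
    return settings

def read_runtime(key, proc_root="/proc/sys"):
    """Return the running kernel value for key, or None if it cannot be read."""
    try:
        with open(os.path.join(proc_root, *key.split("."))) as fh:
            return " ".join(fh.read().split())
    except OSError:
        return None

def classify(expected, persisted, runtime):
    """Label each expected key by where the wanted value is actually present."""
    labels = {(True, True): "ok", (True, False): "runtime-only",
              (False, True): "persisted-only", (False, False): "unset"}
    return {key: labels[(runtime.get(key) == want, persisted.get(key) == want)]
            for key, want in expected.items()}

# Constructed sample data (assumption: not values taken from the module).
EXPECTED = {"net.ipv4.ip_forward": "0",
            "kernel.randomize_va_space": "2",
            "net.ipv4.conf.all.rp_filter": "1"}
SAMPLE_CONF = """# constructed sample of /etc/sysctl.conf
kernel.randomize_va_space = 2
; second comment style
-net.ipv4.conf.all.rp_filter=1
"""
SAMPLE_RUNTIME = {"net.ipv4.ip_forward": "0",
                  "kernel.randomize_va_space": "2",
                  "net.ipv4.conf.all.rp_filter": "0"}

if __name__ == "__main__":
    report = classify(EXPECTED, parse_sysctl_conf(SAMPLE_CONF), SAMPLE_RUNTIME)
    for key, state in sorted(report.items()):
        print(f"{state:15} {key}")
```

On a real host, build the runtime dictionary with `read_runtime` for each expected key and feed `parse_sysctl_conf` the contents of the persisted configuration files.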