puppetlabs / sce_issues

This repository will allow public community members to file bug reports against the SCE modules

RFE for RHEL8 STIG control V-230546 to perform all steps of the Fix Text section #3

Open bzilla opened 9 months ago

bzilla commented 9 months ago

Use Case

The Fix Text section in V-230546 includes a step that cem_linux currently doesn't perform: removing the kernel.yama.ptrace_scope option from various other file locations on the system. This is understandable from a pure system configuration and operational perspective as the resulting puppet-managed configuration file takes precedence over all other files making the managed resource the only one used. However, the control is technically still only partially implemented.

The relevant section from the control is here for easy reference, but please reference the actual control for all of the details:

Remove any configurations that conflict with the above from the following locations:
/run/sysctl.d/*.conf
/usr/local/lib/sysctl.d/*.conf
/usr/lib/sysctl.d/*.conf
/lib/sysctl.d/*.conf
/etc/sysctl.conf
/etc/sysctl.d/*.conf

Describe the Solution You Would Like

Because the Fix Text of the control includes this step, the request is that cem_linux be enhanced to perform the removal of this option from the files indicated. This would result in a fully applied control and clean compliance scans and system reviews.

Describe Alternatives You've Considered

A manual or scripted update could be made, but this wouldn't be managed.

Additional Context

Checking the content of the compliance hiera, the current management of this option is a simple cem_linux::utils::multi_sysctl class call.
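The audit step the Fix Text describes, as an added illustration that is not part of the issue, of cem_linux, or of the STIG itself: walk the six locations the control names, report every file that sets kernel.yama.ptrace_scope to something other than the required value (assumed here to be 1, which is what V-230546 asks for), and optionally delete those lines while leaving the managed file alone. File names, directory layout and contents of the scratch tree are constructed for the example; the scratch tree stands in for the real root so the code can be run without touching a host. The key normalisation covers the kernel/yama/ptrace_scope spelling that sysctl also accepts, since a grep for the dotted form would miss it.

```python
"""Find and remove sysctl settings that conflict with a STIG-required value.

Example code, not part of cem_linux. Locations follow the V-230546 Fix Text.
"""
import glob
import os
import re
import tempfile

# The six locations named in the Fix Text, relative to a root so the same code
# can be pointed at "/" on a host or at a scratch tree for testing.
SYSCTL_LOCATIONS = (
    "run/sysctl.d/*.conf",
    "usr/local/lib/sysctl.d/*.conf",
    "usr/lib/sysctl.d/*.conf",
    "lib/sysctl.d/*.conf",
    "etc/sysctl.conf",
    "etc/sysctl.d/*.conf",
)

KEY = "kernel.yama.ptrace_scope"
REQUIRED = "1"  # assumption: the value V-230546 requires

# sysctl.conf(5) assignment: optional leading "-", key, "=", value.
# Lines beginning with "#" or ";" are comments and are filtered before matching.
_ASSIGN = re.compile(r"^\s*-?\s*([A-Za-z0-9_./-]+)\s*=\s*(.*?)\s*$")


def _normalize(key):
    # sysctl accepts "kernel/yama/ptrace_scope" as well as the dotted form.
    return key.replace("/", ".")


def parse_sysctl(text):
    """Yield (lineno, key, value) for each assignment line; comments are skipped."""
    for n, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped[0] in "#;":
            continue
        m = _ASSIGN.match(line)
        if m:
            yield n, _normalize(m.group(1)), m.group(2)


def sysctl_files(root="/"):
    """All files matching the Fix Text locations under root, in a stable order."""
    paths = []
    for pattern in SYSCTL_LOCATIONS:
        paths.extend(sorted(glob.glob(os.path.join(root, pattern))))
    return paths


def find_settings(key=KEY, root="/"):
    """Every (path, lineno, value) that sets key in any of the listed locations."""
    key = _normalize(key)
    hits = []
    for path in sysctl_files(root):
        with open(path, encoding="utf-8", errors="replace") as fh:
            for n, k, v in parse_sysctl(fh.read()):
                if k == key:
                    hits.append((path, n, v))
    return hits


def find_conflicts(key=KEY, required=REQUIRED, root="/", managed=None):
    """Settings whose value differs from required, excluding the managed file."""
    return [(p, n, v) for p, n, v in find_settings(key, root)
            if v != required and p != managed]


def remove_conflicts(key=KEY, required=REQUIRED, root="/", managed=None, dry_run=True):
    """Delete conflicting assignment lines. Returns {path: [line numbers removed]}."""
    removed = {}
    for path, n, _ in find_conflicts(key, required, root, managed):
        removed.setdefault(path, []).append(n)
    if dry_run:
        return removed
    for path, linenos in removed.items():
        with open(path, encoding="utf-8", errors="replace") as fh:
            lines = fh.read().splitlines(keepends=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.writelines(l for i, l in enumerate(lines, 1) if i not in linenos)
    return removed


def build_demo_root():
    """Constructed scratch tree (not a real host). Returns (root, managed_file)."""
    root = tempfile.mkdtemp(prefix="sysctl-demo-")
    files = {
        # the file a module such as cem_linux would manage
        "etc/sysctl.d/10-cem.conf": "# managed\nkernel.yama.ptrace_scope = 1\n",
        # a distro-style default that conflicts
        "usr/lib/sysctl.d/10-default-yama-scope.conf": "kernel.yama.ptrace_scope = 0\n",
        # slash-separated spelling of the same key, also conflicting
        "etc/sysctl.conf": "# local\nnet.ipv4.ip_forward = 0\nkernel/yama/ptrace_scope=0\n",
        # commented-out old value plus a duplicate that agrees: not a conflict
        "etc/sysctl.d/99-local.conf": "# kernel.yama.ptrace_scope = 0\nkernel.yama.ptrace_scope = 1\n",
    }
    for rel, body in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root, os.path.join(root, "etc/sysctl.d/10-cem.conf")


if __name__ == "__main__":
    demo_root, demo_managed = build_demo_root()
    for hit in find_conflicts(root=demo_root, managed=demo_managed):
        print("conflict: %s:%d = %s" % hit)
    print(remove_conflicts(root=demo_root, managed=demo_managed, dry_run=False))
```

Run against a host with root="/" (needs privileges to write under /usr/lib and /run) and dry_run=True first; the returned map is what a compliance reviewer would want to see before anything is deleted. As the issue notes, a one-off script like this is not a managed resource, so the removal would drift back if another package or tool re-creates the conflicting file; that is the argument for doing it inside the module.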

hsnodgrass commented 9 months ago

@bzilla Thank you for submitting this request! This request will be reviewed by CEM product and engineering and we will keep this issue updated.

github-actions[bot] commented 9 months ago

Migrated issue to CEM-3783

bzilla commented 9 months ago

RHEL8 STIG controls V-230311 and V-230270 have similar requirements where the configuration needs to be removed from other files. Please consider addressing these controls in the same way as with this RFE.