5 Replies Latest reply on Feb 14, 2018 8:34 AM by Santhosh Kurimilla

    CIS 2.0.2 Compliance Remediation for sysctl

    Santhosh Kurimilla

      Bill Robinson Akbar Aziz All,

      We have imported CIS Compliance Templates for RHEL6 from BSA 8.9 to 8.7 P3.

      When we reviewed the Compliance rules and associated remediation packages for Rule Set 3 - Network Configuration, all the rules are validated in 2 parts:

      1. By running the sysctl -a command and checking its output:

           Remediation: Run the sysctl -w command with the parameter and value in question, which is a temporary configuration change

      2. By validating that the parameters exist in the /etc/sysctl.conf file

           Remediation: Nothing

      As the sysctl -w command seems to be a temporary fix and these rules require the entries to be in the /etc/sysctl.conf file, when we run the same compliance through Nessus, it is showing the rules as NonCompliant.

      Our concern is why the BladeLogic remediation is not updating the sysctl.conf file?
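
The gap described in this post, a runtime value set with `sysctl -w` but no matching entry in `/etc/sysctl.conf`, can be closed by also writing the setting to the file. The following is an added example, not part of the original post and not BladeLogic's or CIS's remediation code; the function names `conf_value` and `persist_sysctl` are hypothetical, and the file path is a parameter so the script can be tried on a copy first.

```shell
#!/bin/sh
# Added example: persist a sysctl setting so a file-based audit of
# /etc/sysctl.conf agrees with the runtime value set by `sysctl -w`.

# Print the effective value of KEY in FILE (the last uncommented entry wins).
conf_value() {
    awk -v k="$2" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        {
            i = index($0, "=")
            if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == k) last = val
        }
        END { if (last != "") print last }
    ' "$1"
}

# Ensure FILE contains exactly one active "KEY = VALUE" entry. Idempotent:
# the file is left untouched when the effective value is already correct.
persist_sysctl() {
    file=$1 key=$2 want=$3
    [ "$(conf_value "$file" "$key")" = "$want" ] && return 0
    tmp=$(mktemp) || return 1
    # Drop stale active entries for KEY; comments and other keys are kept.
    awk -v k="$key" '
        {
            i = index($0, "=")
            key = (i ? substr($0, 1, i - 1) : "")
            gsub(/[ \t]/, "", key)
            if (key == k) next
            print
        }
    ' "$file" > "$tmp" &&
        printf '%s = %s\n' "$key" "$want" >> "$tmp" &&
        cat "$tmp" > "$file"        # cat keeps the file's owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Typical use as root (not executed here):
#   persist_sysctl /etc/sysctl.conf net.ipv4.ip_forward 0 && sysctl -w net.ipv4.ip_forward=0
```

Running `sysctl -w` after the file update keeps both halves of the rule, the `sysctl -a` output and the `/etc/sysctl.conf` entry, in agreement.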