Skip to content

RHEL: use dropin files when remediating sysctl rules#14353

Merged
Mab879 merged 4 commits intoComplianceAsCode:masterfrom
vojtapolasek:rhel_sysctl_dropin_remediations
Feb 6, 2026
Merged

RHEL: use dropin files when remediating sysctl rules#14353
Mab879 merged 4 commits intoComplianceAsCode:masterfrom
vojtapolasek:rhel_sysctl_dropin_remediations

Conversation

@vojtapolasek
Copy link
Collaborator

@vojtapolasek vojtapolasek commented Feb 3, 2026

Description:

  • use files within /etc/sysctl.d directory as target of remediation of sysctl templated rules
  • previously the file /etc/sysctl.conf was used as a primary target

Rationale:

  • usage of dropin files is in general prefered, also suggested in some policies such as STIG or CIS

Review Hints:

Rebuild the content and compare remediations before and after the PR.
Run some sample Automatus test on a templated rule.

@vojtapolasek vojtapolasek added this to the 0.1.80 milestone Feb 3, 2026
@vojtapolasek vojtapolasek requested a review from a team as a code owner February 3, 2026 09:50
@vojtapolasek vojtapolasek added RHEL9 Red Hat Enterprise Linux 9 product related. RHEL8 Red Hat Enterprise Linux 8 product related. RHEL10 Red Hat Enterprise Linux 10 product related. labels Feb 3, 2026
@github-actions
Copy link

github-actions bot commented Feb 3, 2026

ATEX Test Results

Test artifacts have been submitted to Testing Farm.

Results: View Test Results
Workflow Run: View Workflow Details

This comment was automatically generated by the ATEX workflow.

@Arden97 Arden97 self-assigned this Feb 3, 2026
Arden97
Arden97 requested changes Feb 3, 2026
View reviewed changes
Copy link
Contributor

@Arden97 Arden97 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should at the very least add simple correct_value_sysctld.pass.sh and wrong_value_sysctld.fail.sh tests to check for entries in dropin files.

@vojtapolasek
Copy link
Collaborator Author

vojtapolasek commented Feb 5, 2026

@Arden97 I added a test scenario which simulates correct value only in /etc/sysctl.d/*.conf.
We already have a test scenario which simulates having a wrong value here, wrong_value_d_directory.fail.sh. I think this suffices.

@Mab879 Mab879 merged commit e8e4531 into ComplianceAsCode:master Feb 6, 2026
62 of 64 checks passed
@ggbecker ggbecker mentioned this pull request Feb 9, 2026
Closed
@ggbecker ggbecker added the Highlight This PR/Issue should make it to the featured changelog. label Mar 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Mab879 Mab879 Mab879 approved these changes

@Arden97 Arden97 Arden97 approved these changes

@matusmarhefka matusmarhefka Awaiting requested review from matusmarhefka matusmarhefka is a code owner

@jan-cerny jan-cerny Awaiting requested review from jan-cerny jan-cerny is a code owner

Assignees

@Arden97 Arden97

Labels

Highlight This PR/Issue should make it to the featured changelog. RHEL8 Red Hat Enterprise Linux 8 product related. RHEL9 Red Hat Enterprise Linux 9 product related. RHEL10 Red Hat Enterprise Linux 10 product related.

Projects

None yet

Milestone

0.1.80

Development

Successfully merging this pull request may close these issues.

4 participants

@vojtapolasek @Mab879 @Arden97 @ggbecker