Improve logic in sysctl remediations + improve auditd remediation #1761
I noticed a lot of our steps didn't work for my Debian system because the config was already set in the /etc/sysctl.conf file. If it's there, let's make sure to edit it. If not, then we can create the .d file.
I also confirmed that a reload of auditd does not load the main config file, so if you change that you need to do a full restart.
Finally, I nuked some sudo usage in our remediations so things are consistent.
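
The sysctl logic described in the PR description above, sketched as an added example (it is not the code from this PR): edit the key where `/etc/sysctl.conf` already sets it, otherwise write a drop-in file. The function name `set_sysctl`, the drop-in file name `99-remediation.conf` and the sample keys are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the PR's code. Paths are parameters so the function can be
# exercised on scratch copies; the drop-in file name is an assumed placeholder.
# Usage: set_sysctl KEY VALUE [MAIN_CONF] [DROPIN_FILE]; prints the file it wrote.
set_sysctl() {
    key=$1
    value=$2
    main_conf=${3:-/etc/sysctl.conf}
    dropin=${4:-/etc/sysctl.d/99-remediation.conf}

    # Match only an active "key = value" line (not a # or ; comment).
    # Dots in the key are escaped so they match literally.
    key_re=$(printf '%s' "$key" | sed 's/\./\\./g')
    pattern="^[[:space:]]*${key_re}[[:space:]]*="

    # Prefer the file that already sets the key; otherwise use the drop-in.
    target=$dropin
    if [ -f "$main_conf" ] && grep -Eq "$pattern" "$main_conf"; then
        target=$main_conf
    fi

    if [ -f "$target" ] && grep -Eq "$pattern" "$target"; then
        # Rewrite every active line for the key; cat back into place so the
        # file keeps its owner and mode. Assumes value has no '|' or '&'.
        tmp=$(mktemp) || return 1
        sed -E "s|${pattern}.*|${key} = ${value}|" "$target" > "$tmp" &&
            cat "$tmp" > "$target"
        rc=$?
        rm -f "$tmp"
        [ "$rc" -eq 0 ] || return 1
    else
        mkdir -p "$(dirname "$target")" || return 1
        printf '%s = %s\n' "$key" "$value" >> "$target" || return 1
    fi
    printf '%s\n' "$target"
}

# Demo on constructed sample data in a scratch directory (no root needed).
demo() {
    d=$(mktemp -d) || return 1
    printf '# constructed sample\nnet.ipv4.ip_forward=1\n' > "$d/sysctl.conf"
    set_sysctl net.ipv4.ip_forward 0 "$d/sysctl.conf" "$d/sysctl.d/99-remediation.conf"
    set_sysctl kernel.randomize_va_space 2 "$d/sysctl.conf" "$d/sysctl.d/99-remediation.conf"
    cat "$d/sysctl.conf" "$d/sysctl.d/99-remediation.conf"
    rm -rf "$d"
}
demo
```

Editing the existing line matters because a stale value left in `/etc/sysctl.conf` can still be applied alongside the drop-in; after the change, `sysctl --system` reloads all the configuration files.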