Use sysctl_distributed_config property

Instead of using per product logn conditions in templates and rules/fixes, use property defined on per product basis. Thanks to @yuumasato for the hint
ComplianceAsCode · Apr 2, 2023 · c1d8884 · c1d8884
1 parent d14940f
commit c1d8884
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 3 deletions.
diff --git a/products/sle12/product.yml b/products/sle12/product.yml
@@ -39,3 +39,5 @@ reference_uris:
  cis: 'https://www.cisecurity.org/benchmark/suse_linux/'
 
 dconf_gdm_dir: "gdm.d"
+
+sysctl_distributed_config: "true"
diff --git a/products/sle15/product.yml b/products/sle15/product.yml
@@ -44,3 +44,5 @@ reference_uris:
  cis: 'https://www.cisecurity.org/benchmark/suse_linux/'
 
 dconf_gdm_dir: "gdm.d"
+
+sysctl_distributed_config: "true"
diff --git a/shared/templates/sysctl/bash.template b/shared/templates/sysctl/bash.template
@@ -25,7 +25,7 @@ done
 #
 # Set sysctl config file which to save the desired value
 #
-{{% if product in [ "sle12", "sle15"] %}}
+{{% if sysctl_distributed_config == "true" %}}
 SYSCONFIG_FILE='/etc/sysctl.d/{{{ SYSCTLVAR | replace(".","_") }}}.conf'
 {{% else %}}
 SYSCONFIG_FILE="/etc/sysctl.conf"
@@ -43,7 +43,7 @@ SYSCONFIG_FILE="/etc/sysctl.conf"
 # If {{{ SYSCTLVAR }}} present in /etc/sysctl.conf, change value to appropriate value
 # else, add "{{{ SYSCTLVAR }}} = value" to /etc/sysctl.conf
 #
-{{% if product in [ "sle12", "sle15"] %}}
+{{% if sysctl_distributed_config == "true" %}}
 sed -i "/^$SYSCONFIG_VAR/d" /etc/sysctl.conf
 {{% endif %}}
 {{{ bash_replace_or_append('${SYSCONFIG_FILE}', '^' ~ SYSCTLVAR , '$sysctl_' ~ SYSCTLID ~ '_value') }}}
@@ -59,7 +59,7 @@ sed -i "/^$SYSCONFIG_VAR/d" /etc/sysctl.conf
 # If {{{ SYSCTLVAR }}} present in /etc/sysctl.conf, change value to "{{{ SYSCTLVAL }}}"
 # else, add "{{{ SYSCTLVAR }}} = {{{ SYSCTLVAL }}}" to /etc/sysctl.conf
 #
-{{% if product in [ "sle12", "sle15"] %}}
+{{% if sysctl_distributed_config == "true" %}}
 sed -i "/^$SYSCONFIG_VAR/d" /etc/sysctl.conf
 {{% endif %}}
 {{{ bash_replace_or_append('${SYSCONFIG_FILE}', '^' ~ SYSCTLVAR , SYSCTLVAL ) }}}

diff --git a/ssg/constants.py b/ssg/constants.py
@@ -471,3 +471,4 @@
 DEFAULT_PRODUCT = 'example'
 DEFAULT_CHRONY_CONF_PATH = '/etc/chrony.conf'
 DEFAULT_AUDISP_CONF_PATH = '/etc/audit'
+DEFAULT_SYSCTL_DISTRIBUTED_CONFIG = 'false'
diff --git a/ssg/products.py b/ssg/products.py
@@ -98,6 +98,9 @@ def _get_implied_properties(existing_properties):
  if "faillock_path" not in existing_properties:
  result["faillock_path"] = DEFAULT_FAILLOCK_PATH
 
+ if "sysctl_distributed_config" not in existing_properties:
+ result["sysctl_distributed_config"] = DEFAULT_SYSCTL_DISTRIBUTED_CONFIG
+
  return result