From e48bed92f1101e718c88f3b5aa110fc14ffb220d Mon Sep 17 00:00:00 2001
From: Watson Sato
Date: Mon, 31 Jul 2023 16:17:38 +0200
Subject: [PATCH 1/2] sysctl_kernel_kptr_restrict is PASS by default

In #10367 the sysctl template was updated to check whether a sysctl is set on /usr/lib/sysctl.d without being overwritten. kernel.kptr_restrict is set to 1 by default in /usr/lib/sysctl.d/50-redhat.conf
Before, the template didn't check for sysctls in that path and resulted in Fail evaluation, requiring remediation.
---
 .../sysctl_kernel_kptr_restrict/tests/ocp4/e2e.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/ocp4/e2e.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/ocp4/e2e.yml
index fd9b313e87b..501c86d24cc 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/ocp4/e2e.yml
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/ocp4/e2e.yml
@@ -1,3 +1,3 @@
 ---
-default_result: FAIL
+default_result: PASS
 result_after_remediation: PASS

From 8529633b9e9fdb05adcb58fd5dad259698ee5722 Mon Sep 17 00:00:00 2001
From: Watson Sato
Date: Mon, 31 Jul 2023 16:55:37 +0200
Subject: [PATCH 2/2] default_result is pass on these sysctl rules

The following sysctls are defined in /usr/lib/sysctl.d/50-redhat.conf and compliant by default. The sysctl template got updated to check the files in /usr/lib/sysctl.d.
---
 .../tests/ocp4/e2e.yml | 2 +-
 .../files/sysctl_fs_protected_hardlinks/tests/ocp4/e2e.yml | 2 +-
 .../files/sysctl_fs_protected_symlinks/tests/ocp4/e2e.yml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
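Review bot: The flipped `default_result: PASS` leaves no record in the test file of why the node is compliant out of the box, so the expectation is silently coupled to a vendor default that the e2e.yml never names; add a comment above the key, `# PASS by default: kernel.kptr_restrict=1 shipped in /usr/lib/sysctl.d/50-redhat.conf, which the sysctl template checks since #10367`. The same gap applies to the three e2e.yml files changed in PATCH 2/2 (sysctl_net_ipv4_conf_default_accept_source_route, sysctl_fs_protected_hardlinks, sysctl_fs_protected_symlinks), each of which should carry an equivalent comment naming the sysctl and the file that sets it. The PASS expectation presumably also assumes the OCP4 test image ships 50-redhat.conf and that no higher-precedence sysctl.d drop-in overrides the value, which the hunk cannot show; recording the source file in the comment makes a future vendor-default change easy to diagnose when the default flips back to FAIL.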
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/tests/ocp4/e2e.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/tests/ocp4/e2e.yml
index fd9b313e87b..501c86d24cc 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/tests/ocp4/e2e.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/tests/ocp4/e2e.yml
@@ -1,3 +1,3 @@
 ---
-default_result: FAIL
+default_result: PASS
 result_after_remediation: PASS
diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/tests/ocp4/e2e.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/tests/ocp4/e2e.yml
index fd9b313e87b..501c86d24cc 100644
--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/tests/ocp4/e2e.yml
+++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/tests/ocp4/e2e.yml
@@ -1,3 +1,3 @@
 ---
-default_result: FAIL
+default_result: PASS
 result_after_remediation: PASS
diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/tests/ocp4/e2e.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/tests/ocp4/e2e.yml
index fd9b313e87b..501c86d24cc 100644
--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/tests/ocp4/e2e.yml
+++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/tests/ocp4/e2e.yml
@@ -1,3 +1,3 @@
 ---
-default_result: FAIL
+default_result: PASS
 result_after_remediation: PASS