ComplianceAsCode · Mab879 · Feb 6, 2026 · Feb 3, 2026 · Feb 3, 2026 · Feb 3, 2026
diff --git a/products/rhel10/product.yml b/products/rhel10/product.yml
@@ -57,3 +57,4 @@ reference_uris:
 journald_conf_dir_path: /etc/systemd/journald.conf.d
 audit_watches_style: modern
 rsyslog_cafile: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+sysctl_remediate_drop_in_file: true
diff --git a/products/rhel8/product.yml b/products/rhel8/product.yml
@@ -107,3 +107,4 @@ reference_uris:
   cis: 'https://www.cisecurity.org/benchmark/red_hat_linux/'
 
 journald_conf_dir_path: /etc/systemd/journald.conf.d
+sysctl_remediate_drop_in_file: true
diff --git a/products/rhel9/product.yml b/products/rhel9/product.yml
@@ -60,3 +60,4 @@ centos_pkg_version: "8483c65d"
 centos_major_version: "9"
 
 journald_conf_dir_path: /etc/systemd/journald.conf.d
+sysctl_remediate_drop_in_file: true
@@ -0,0 +1,17 @@
+#!/bin/bash
+{{% if SYSCTLVAL == "" %}}
+# variables = sysctl_{{{ SYSCTLID }}}_value={{{ SYSCTL_CORRECT_VALUE }}}
+{{% endif %}}
+
+# Clean sysctl config directories
+{{% if "ubuntu" in product %}}
+rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/* /etc/ufw/sysctl.conf
+{{% else %}}
+rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/*
+{{% endif %}}
+
+sed -i "/{{{ SYSCTLVAR }}}/d" /etc/sysctl.conf
+
+echo "{{{ SYSCTLVAR }}} = {{{ SYSCTL_CORRECT_VALUE }}}" >> /etc/sysctl.d/duplicate.conf
+
+sysctl -w {{{ SYSCTLVAR }}}="{{{ SYSCTL_CORRECT_VALUE }}}"
@@ -104,7 +104,7 @@ release_key_fingerprint: 567E347AD0044ADE55BA8A5F199E2F91FD431D51
 rsyslog_cafile: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 sshd_distributed_config: 'true'
 sshd_runtime_check: 'false'
-sysctl_remediate_drop_in_file: 'false'
+sysctl_remediate_drop_in_file: 'true'
 target_oval_version:
 - 5
 - 11

@@ -151,7 +151,7 @@ release_key_fingerprint: 567E347AD0044ADE55BA8A5F199E2F91FD431D51
 rsyslog_cafile: /etc/pki/tls/cert.pem
 sshd_distributed_config: 'false'
 sshd_runtime_check: 'false'
-sysctl_remediate_drop_in_file: 'false'
+sysctl_remediate_drop_in_file: 'true'
 target_oval_version:
 - 5
 - 11

@@ -108,7 +108,7 @@ release_key_fingerprint: 567E347AD0044ADE55BA8A5F199E2F91FD431D51
 rsyslog_cafile: /etc/pki/tls/cert.pem
 sshd_distributed_config: 'true'
 sshd_runtime_check: 'false'
-sysctl_remediate_drop_in_file: 'false'
+sysctl_remediate_drop_in_file: 'true'
 target_oval_version:
 - 5
 - 11
Original file line number	Diff line number	Diff line change
Expand Up		@@ -107,3 +107,4 @@ reference_uris:
		cis: 'https://www.cisecurity.org/benchmark/red_hat_linux/'

		journald_conf_dir_path: /etc/systemd/journald.conf.d
		sysctl_remediate_drop_in_file: true
Original file line number	Diff line number	Diff line change
Expand Up		@@ -60,3 +60,4 @@ centos_pkg_version: "8483c65d"
		centos_major_version: "9"

		journald_conf_dir_path: /etc/systemd/journald.conf.d
		sysctl_remediate_drop_in_file: true