profiles/rhel9+rhel10/hipaa: add grub2_audit_backlog_limit_argument#14688

Open
ggbecker wants to merge 1 commit into ComplianceAsCode:master from ggbecker:fix-upstream-prod-2
Conversation

@ggbecker
Member

@ggbecker ggbecker commented Apr 30, 2026

Description:

  • profiles/rhel8+rhel9+rhel10/hipaa: add grub2_audit_backlog_limit_argument

  • The HIPAA profile enables a large number of audit rules which generates
    high volumes of kernel audit events at boot. Without a raised
    audit_backlog_limit, the kauditd hold queue overflows on reboot.

  • Set var_audit_backlog_limit=8192 and include the
    grub2_audit_backlog_limit_argument rule for RHEL8/9/10.

Rationale:
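The mechanism the description relies on is a kernel command-line parameter, so the useful check on a hardened host is whether `audit_backlog_limit` is actually present, both on the running kernel (`/proc/cmdline`) and in the persisted GRUB configuration, and whether its value is at least the 8192 the PR sets. The following POSIX shell script is an added example written for this page; it is not code from the PR or from the ComplianceAsCode project, and the sample command lines and `/etc/default/grub` fragment in it are constructed. It treats the last `audit_backlog_limit=` token on a command line as the effective one.

```shell
#!/bin/sh
# Added example (not ComplianceAsCode code): verify that audit_backlog_limit is
# set high enough on a kernel command line and in /etc/default/grub.
# Sample inputs below are constructed, not captured from a real host.

# Value the PR assigns to var_audit_backlog_limit.
REQUIRED_BACKLOG_LIMIT=8192

# backlog_limit_from_cmdline CMDLINE
# Prints the numeric value of the last audit_backlog_limit=N token (this
# example treats the last occurrence as the effective one); prints nothing
# when the parameter is absent.
backlog_limit_from_cmdline() {
    printf '%s\n' "$1" \
        | tr ' ' '\n' \
        | sed -n 's/^audit_backlog_limit=\([0-9][0-9]*\)$/\1/p' \
        | tail -n 1
}

# backlog_limit_from_grub_default TEXT
# Pulls the GRUB_CMDLINE_LINUX="..." value out of /etc/default/grub content
# (the setting a regenerated grub.cfg would carry) and reuses the parser above.
backlog_limit_from_grub_default() {
    cmdline=$(printf '%s\n' "$1" \
        | sed -n 's/^GRUB_CMDLINE_LINUX="\(.*\)"$/\1/p' \
        | tail -n 1)
    backlog_limit_from_cmdline "$cmdline"
}

# check_backlog_limit CMDLINE
# Prints "pass" when the limit is set and >= REQUIRED_BACKLOG_LIMIT (exit 0),
# "missing" when the parameter is absent (exit 1), or "low:N" when it is
# present but smaller than required (exit 1).
check_backlog_limit() {
    limit=$(backlog_limit_from_cmdline "$1")
    if [ -z "$limit" ]; then
        echo missing
        return 1
    fi
    if [ "$limit" -lt "$REQUIRED_BACKLOG_LIMIT" ]; then
        echo "low:$limit"
        return 1
    fi
    echo pass
    return 0
}

# Constructed sample inputs.
SAMPLE_CMDLINE_HARDENED='BOOT_IMAGE=(hd0,gpt2)/vmlinuz root=/dev/mapper/rhel-root ro audit=1 audit_backlog_limit=8192'
SAMPLE_CMDLINE_DEFAULT='BOOT_IMAGE=(hd0,gpt2)/vmlinuz root=/dev/mapper/rhel-root ro audit=1'
SAMPLE_CMDLINE_LOW='BOOT_IMAGE=(hd0,gpt2)/vmlinuz root=/dev/mapper/rhel-root ro audit=1 audit_backlog_limit=320'
SAMPLE_GRUB_DEFAULT='GRUB_TIMEOUT=5
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=rhel/root audit=1 audit_backlog_limit=8192"
GRUB_ENABLE_BLSCFG=true'

# Report on the samples, then on the live kernel when /proc/cmdline is readable.
printf 'hardened sample:    %s\n' "$(check_backlog_limit "$SAMPLE_CMDLINE_HARDENED")"
printf 'default sample:     %s\n' "$(check_backlog_limit "$SAMPLE_CMDLINE_DEFAULT")"
printf 'low sample:         %s\n' "$(check_backlog_limit "$SAMPLE_CMDLINE_LOW")"
printf 'grub default sample: limit=%s\n' "$(backlog_limit_from_grub_default "$SAMPLE_GRUB_DEFAULT")"
if [ -r /proc/cmdline ]; then
    printf 'live /proc/cmdline: %s\n' "$(check_backlog_limit "$(cat /proc/cmdline)")"
fi
```

Checking both the running kernel and `/etc/default/grub` matters because the two can disagree: a value added with `grubby` only, or edited into the default file without regenerating the boot entries, leaves one of them without the parameter, and the overflow described in the linked issue returns on the next reboot.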

@ggbecker ggbecker added this to the 0.1.81 milestone Apr 30, 2026
@ggbecker ggbecker added the bugfix Fixes to reported bugs. label Apr 30, 2026
@openshift-ci

openshift-ci Bot commented Apr 30, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@openshift-ci openshift-ci Bot added the do-not-merge/work-in-progress Used by openshift-ci bot. label Apr 30, 2026
…ment

The HIPAA profile enables a large number of audit rules which generates
high volumes of kernel audit events at boot. Without a raised
audit_backlog_limit, the kauditd hold queue overflows on reboot.

Set var_audit_backlog_limit=8192 and include the
grub2_audit_backlog_limit_argument rule for RHEL8/9/10.
@ggbecker ggbecker force-pushed the fix-upstream-prod-2 branch from 47234d8 to 4c49e13 Compare April 30, 2026 13:22
@ggbecker ggbecker marked this pull request as ready for review April 30, 2026 13:23
@openshift-ci openshift-ci Bot removed the do-not-merge/work-in-progress Used by openshift-ci bot. label Apr 30, 2026
@openshift-ci

openshift-ci Bot commented Apr 30, 2026

@ggbecker: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name: ci/prow/e2e-aws-openshift-node-compliance; Commit: 4c49e13; Required: true; Rerun command: /test e2e-aws-openshift-node-compliance

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Labels

bugfix Fixes to reported bugs.

Development

Successfully merging this pull request may close these issues.

kauditd hold queue overflow after hardening with hipaa profile