Profile Applicability:
• Level 2
Description:
The running system configuration refers to the current active settings in memory, while the on-disk configuration refers to saved configuration files. Ensuring these are consistent prevents discrepancies that can cause unexpected behavior or security gaps.
Rationale:
Maintaining synchronization between running and saved configurations ensures system stability, security compliance, and predictable behavior after reboots.
Impact:
Pros:
• Prevents configuration drift and security vulnerabilities.
• Ensures intended policies and settings persist.
Cons:
• Requires administrative diligence to maintain consistency.
• Misalignment may cause system instability or security risks.
Default Value:
Systems may have differences due to unsaved changes or manual edits.
Pre-requisites:
Root or sudo privileges to audit, compare, and apply configuration changes.
Remediation:
Test Plan:
Using Linux command line:
• Compare running configuration with saved files:
• For services, check current status and compare with config files (e.g., sshd, firewalld).
• Use tools like diff or configuration management systems.
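The comparison in the Test Plan, worked through for firewalld as an added example (not part of the benchmark text). It assumes the two listings were captured with `firewall-cmd --list-all` and `firewall-cmd --permanent --list-all`; the function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: runtime vs permanent drift in firewalld-style "key: values" listings.
# On a live host the two input files would hold the output of:
#   firewall-cmd --list-all   and   firewall-cmd --permanent --list-all

# normalize FILE: print "key<TAB>sorted values" per setting, so indentation and
# token order do not register as drift. Lines without ":" (zone header) are skipped.
normalize() {
    awk '/:/ {
        key = $0; sub(/:.*/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", key)
        val = $0; sub(/^[^:]*:/, "", val)
        n = split(val, t, " ")
        for (i = 2; i <= n; i++) {          # insertion sort of the value tokens
            v = t[i]
            for (j = i - 1; j >= 1 && (t[j] "") > (v ""); j--) t[j + 1] = t[j]
            t[j + 1] = v
        }
        out = ""
        for (i = 1; i <= n; i++) out = out (i > 1 ? " " : "") t[i]
        printf "%s\t%s\n", key, out
    }' "$1"
}

# drift RUNNING SAVED: print one line per differing setting; return 1 on any drift.
drift() {
    r=$(mktemp); s=$(mktemp)
    normalize "$1" > "$r"; normalize "$2" > "$s"
    out=$(awk -F '\t' '
        FILENAME == ARGV[1] { run[$1] = $2; next }
        { seen[$1] = 1
          if (!($1 in run)) printf "%s: saved only [%s]\n", $1, $2
          else if ((run[$1] "") != ($2 "")) printf "%s: running [%s] saved [%s]\n", $1, run[$1], $2 }
        END { for (k in run) if (!(k in seen)) printf "%s: running only [%s]\n", k, run[k] }
    ' "$r" "$s" | sort)
    rm -f "$r" "$s"
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"; return 1
}

# Constructed sample listings (not captured from a real host).
sample_running() { printf '%s\n' 'public (active)' '  target: default' \
    '  services: ssh http dhcpv6-client' '  ports: 8080/tcp'; }
sample_saved() { printf '%s\n' 'public' '  target: default' \
    '  services: dhcpv6-client ssh' '  ports: '; }

# Demo on the constructed samples:
#   d=$(mktemp -d); sample_running > "$d/r"; sample_saved > "$d/s"; drift "$d/r" "$d/s"
```

A non-zero return from `drift` means at least one setting exists only at runtime or only on disk, or has different values in the two.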
Implementation Plan:
Using Linux command line:
• Save running configuration to disk using appropriate commands (e.g., service reload, systemctl daemon-reload).
• Manually update configuration files to match running settings or vice versa.
• Verify consistency by rechecking differences.
Backout Plan:
Using Linux command line:
• Restore previous configurations from backups if inconsistencies cause issues.
• Document and monitor changes to prevent recurrence.
References:
CIS Amazon Linux 2 Benchmark v3.0.0