current version:
git rev-parse HEAD
059bd75dbd77cef204c6f93194e5a06a00a6e5d8
which is the latest version.
--audit misbehavior
using --audit seems to change my config after the run.
steps:
- use --create-config-files-only to create a bunch of config files
- edit etc/conf.d/1.1.1.1_disable_freevxfs.cfg to disable the check
- run ./bin/hardening.sh --audit again to audit system.
expect:
1.1.1.1 should be disabled, this check should be skipped
actual:
root@borin9:/home/xxx/debian-cis# sed -E -i 's/(audit|enabled)/disabled/g' etc/conf.d/1.1.1.*
root@borin9:/home/xxx/debian-cis# cat etc/conf.d/1.1.1.1_disable_freevxfs.cfg
# Configuration for disable_freevxfs.sh, created from default values on Fri Oct 10 17:36:03 CST 2025
status=disabled
root@borin9:/home/xxx/debian-cis#
root@borin9:/home/xxx/debian-cis# ./bin/hardening.sh --audit
hardening [INFO] Treating /home/xxx/debian-cis/versions/default/1.1.1.1_disable_freevxfs.sh
1.1.1.1_disable_freevxfs [INFO] Working on 1.1.1.1_disable_freevxfs
1.1.1.1_disable_freevxfs [INFO] [DESCRIPTION] Disable mounting of freevxfs filesystems.
1.1.1.1_disable_freevxfs [INFO] Checking Configuration
1.1.1.1_disable_freevxfs [INFO] Performing audit
1.1.1.1_disable_freevxfs [ OK ] freevxfs is not loaded
1.1.1.1_disable_freevxfs [ KO ] freevxfs is available in some kernel config, but not disabled
1.1.1.1_disable_freevxfs [ KO ] Check Failed
root@borin9:/home/xxx/debian-cis# cat etc/conf.d/1.1.1.1_disable_freevxfs.cfg
# Configuration for disable_freevxfs.sh, created from default values on Fri Oct 10 17:36:03 CST 2025
status=audit
#305 seems to be trying to fix the issue, but I'm using the patched code and still facing a similar issue.
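
An added example, not part of the original report and not debian-cis code: a shell check that records the status= value of every file in a config directory before and after a command that is expected to be read-only, and reports any value that changed. The function names are hypothetical, and the usage comment takes its paths from the report above.

```shell
#!/bin/sh
# Added example, not debian-cis code. Function names are hypothetical.
# Assumes .cfg file names contain no whitespace.

# Print "<file> <status>" for each .cfg file in directory $1, sorted.
cfg_status_snapshot() {
    for f in "$1"/*.cfg; do
        [ -f "$f" ] || continue
        # Use the last status= line (assumption: the file is sourced as
        # shell, so a later assignment wins).
        s=$(sed -n 's/^status=//p' "$f" | tail -n 1)
        printf '%s %s\n' "$(basename "$f")" "${s:-unset}"
    done | LC_ALL=C sort
}

# Compare two snapshots; print "<file>: <old> -> <new>" for each change.
# Returns 1 if any status changed, 0 otherwise.
cfg_status_drift() {
    out=$(LC_ALL=C join "$1" "$2" |
        awk '$2 != $3 { printf "%s: %s -> %s\n", $1, $2, $3 }')
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Run the command in "$2..." and check it left status= values in $1 alone.
check_readonly_run() {
    dir=$1; shift
    before=$(mktemp); after=$(mktemp)
    cfg_status_snapshot "$dir" > "$before"
    # The command's own result (e.g. a KO check) is not what is tested here.
    "$@" >/dev/null 2>&1 || true
    cfg_status_snapshot "$dir" > "$after"
    rc=0
    cfg_status_drift "$before" "$after" || rc=$?
    rm -f "$before" "$after"
    return "$rc"
}

# Usage with the paths from the report above:
#   check_readonly_run etc/conf.d ./bin/hardening.sh --audit \
#       || echo "audit run modified configuration"
```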