ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-27 23:43:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

updates for audit section

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2024-04-15 09:29:19 +01:00
parent f83e73c1a1
commit 05fee15cb4
No known key found for this signature in database
GPG key ID: 1DE02A772D0908F9
5 changed files with 74 additions and 92 deletions
Download patch file Download diff file Expand all files Collapse all files

22
vars/audit.yml
View file

@ -2,6 +2,9 @@
#### Audit Configuration Settings ####
# Timeout for those cmds that take longer to run where timeout set
audit_cmd_timeout: 120000
# if get_audit_binary_method == download change accordingly
audit_bin_url: "https://github.com/goss-org/goss/releases/download/{{ audit_bin_version.release }}/goss-linux-"
@ -9,17 +12,15 @@ audit_bin_url: "https://github.com/goss-org/goss/releases/download/{{ audit_bin_
## managed by the control audit_content
# git
audit_file_git: "https://github.com/ansible-lockdown/{{ benchmark }}-Audit.git"
audit_git_version: "benchmark_{{ benchmark_version }}"
audit_git_version: "benchmark-{{ benchmark_version }}"
## Goss configuration information
# Where the goss configs and outputs are stored
audit_out_dir: '/opt'
# Where the goss audit configuration will be stored
audit_conf_dir: "{{ audit_out_dir }}/{{ benchmark }}-Audit"
# Where the goss audit configuration will be stored - NOTE benchmark-audit is expected
audit_conf_dir: "{{ audit_conf_dest | default('/opt') }}/{{ benchmark }}-Audit"
# If changed these can affect other products
pre_audit_outfile: "{{ audit_out_dir }}/{{ ansible_facts.hostname }}-{{ benchmark }}-{{ benchmark_version }}_pre_scan_{{ ansible_facts.date_time.epoch }}.{{ audit_format }}"
post_audit_outfile: "{{ audit_out_dir }}/{{ ansible_facts.hostname }}-{{ benchmark }}-{{ benchmark_version }}_post_scan_{{ ansible_facts.date_time.epoch }}.{{ audit_format }}"
pre_audit_outfile: "{{ audit_log_dir }}/{{ ansible_facts.hostname }}-{{ benchmark }}-{{ benchmark_version }}_pre_scan_{{ ansible_facts.date_time.epoch }}.{{ audit_format }}"
post_audit_outfile: "{{ audit_log_dir }}/{{ ansible_facts.hostname }}-{{ benchmark }}-{{ benchmark_version }}_post_scan_{{ ansible_facts.date_time.epoch }}.{{ audit_format }}"
## The following should not need changing
@ -33,6 +34,7 @@ audit_format: json
audit_vars_path: "{{ audit_conf_dir }}/vars/{{ ansible_facts.hostname }}.yml"
audit_results: |
The pre remediation results are: {{ pre_audit_summary }}.
The post remediation results are: {{ post_audit_summary }}.
Full breakdown can be found in {{ audit_out_dir }}
The audit results are: {{ pre_audit_summary }}
{% if not audit_only %}The post remediation audit results are: {{ post_audit_summary }}{% endif %}
Full breakdown can be found in {{ audit_log_dir }}