ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 22:23:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Added audit template change warn control

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2023-02-28 14:28:48 +00:00
parent 0ab1bdd120
commit 37f0eec4d4
No known key found for this signature in database
GPG key ID: 1DE02A772D0908F9
2 changed files with 10 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
Changelog.md
View file

@ -3,6 +3,7 @@
## 1.0.3
Update to auditd components improve idempotency and tidy up
Added a warning to check diff if any changes to template file (if template file exists) else its new.
workflow update to remove the urandom update
skip 5.6.6 root password check

9
tasks/auditd.yml
View file

@ -13,11 +13,20 @@
group: root
mode: 0640
diff: "{{ auditd_file.stat.exists }}" # Only run diff if not a new file
register: auditd_template_updated
notify:
- Auditd immutable check
- Audit immutable fact
- Restart auditd
- name: POST | AUDITD | Add Warning count for changes to template file | Warn Count # noqa: no-handler
ansible.builtin.import_tasks: warning_facts.yml
vars:
warn_control_id: 'Auditd_template_updated-see-diff-output'
when:
- auditd_template_updated.changed
- auditd_file.stat.exists
- name: POST | AUDITD | Apply auditd template will for section 4.1.3 - only required rules will be added | stat file
ansible.builtin.stat:
path: /etc/audit/rules.d/98_auditd_exceptions.rules