ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 14:23:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

updated layout

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2025-02-26 12:26:58 +00:00
parent ed1bc1c074
commit 8cd7d765c5
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
1 changed files with 4 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

7
templates/audit/99_auditd.rules.j2
View file

@ -37,6 +37,7 @@
{% for syscall in syscalls %}
{% if syscall in supported_syscalls %}
{{ arch_syscalls.append(syscall) }}
-a always,exit -F arch=b32 -S {{ arch_syscalls|join(',') }} -F a0=0x0 -k time-change
-a always,exit -F arch=b64 -S {{ arch_syscalls|join(',') }} -F a0=0x0 -k time-change
{% endif %}
{% endfor %}
@ -50,8 +51,8 @@
{{ arch_syscalls.append(syscall) }}
{% endif %}
{% endfor %}
-a always,exit -F arch=b64 -S {{ arch_syscalls|join(',') }} -k system-locale
-a always,exit -F arch=b32 -S {{ arch_syscalls|join(',') }} -k system-locale
-a always,exit -F arch=b64 -S {{ arch_syscalls|join(',') }} -k system-locale
-a always,exit -F arch=b32 -S {{ arch_syscalls|join(',') }} -k system-locale
-w /etc/issue -p wa -k system-locale
-w /etc/issue.net -p wa -k system-locale
-w /etc/hosts -p wa -k system-locale
@ -178,7 +179,7 @@
-a always,exit -F path=/usr/bin/setfacl -F perm=x -F auid>={{ prelim_min_int_uid }} -F auid!=unset -k perm_chng
{% endif %}
{% if rhel9cis_rule_6_3_3_17 %}
-a always,exit -F path=/usr/bin/chacl -F perm=x -F auid>={{ prelim_min_int_uid }} -F auid!=unset -k priv_chng
-a always,exit -F path=/usr/bin/chacl -F perm=x -F auid>={{ prelim_min_int_uid }} -F auid!=unset -k perm_chng
{% endif %}
{% if rhel9cis_rule_6_3_3_18 %}
-a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid>={{ prelim_min_int_uid }} -F auid!=unset -k usermod