From c697431c0075c6ea1fb2dd7423e9fa1b4047892c Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Fri, 29 Jul 2022 18:35:54 +0100
Subject: [PATCH] Aded comments to each control for auditd
Signed-off-by: Mark Bolwell
---
 tasks/section_4/cis_4.1.3.x.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/tasks/section_4/cis_4.1.3.x.yml b/tasks/section_4/cis_4.1.3.x.yml
index c05b93c..40a7517 100644
--- a/tasks/section_4/cis_4.1.3.x.yml
+++ b/tasks/section_4/cis_4.1.3.x.yml
@@ -1,5 +1,6 @@
 ---
+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.1 | PATCH | Ensure changes to system administration scope (sudoers) is collected"
 set_fact:
 update_audit_template: true
@@ -13,6 +14,7 @@
 - auditd
 - rule_4.1.3.1
+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.2 | PATCH | Ensure actions as another user are always logged"
 set_fact:
 update_audit_template: true
@@ -26,6 +28,7 @@
 - auditd
 - rule_4.1.3.2
+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.3 | PATCH | Ensure events that modify the sudo log file are collected"
 set_fact:
 update_audit_template: true
@@ -39,6 +42,7 @@
 - auditd
 - rule_4.1.3.3
+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.4 | PATCH | Ensure events that modify date and time information are collected"
 set_fact:
 update_audit_template: true
@@ -52,6 +56,7 @@
 - auditd
 - rule_4.1.3.4
+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.5 | PATCH | Ensure events that modify the system's network environment are collected"
 set_fact:
 update_audit_template: true
@@ -65,6 +70,7 @@
 - auditd
 - rule_4.1.3.5
+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.6 | PATCH | Ensure use of privileged commands is collected"
 block:
 - name: "4.1.3.6 | PATCH | Ensure use of privileged commands is collected"
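Review bot: The comment added above every task, starting at `- name: "4.1.3.1 ..."` in the first hunk, does not say what is being deferred. The visible task bodies only set `update_audit_template: true`, so a reader auditing coverage cannot tell from it that no audit rule is written at this point. One comment directly under `---` would carry this better than twenty identical copies, for example `# Tasks in this file only set update_audit_template; the audit rules are written later by the POST audit step and its handlers.` That wording assumes the POST step is what renders the rules, which is outside this patch, so confirm before adopting it. The same line is repeated in every other hunk of this patch, and the 4.1.3.6 task uses a `block:` whose body continues outside its hunk.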
@@ -88,6 +94,7 @@
 - auditd
 - rule_4.1.3.6
+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.7 | PATCH | Ensure unsuccessful unauthorized file access attempts are collected"
 set_fact:
 update_audit_template: true
@@ -101,6 +108,7 @@
 - auditd
 - rule_4.1.3_7
+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.8 | PATCH | Ensure events that modify user/group information are collected"
 set_fact:
 update_audit_template: true
@@ -114,6 +122,7 @@
 - auditd
 - rule_4.1.3.8
+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.9 | PATCH | Ensure discretionary access control permission modification events are collected"
 set_fact:
 update_audit_template: true
@@ -127,6 +136,7 @@
 - auditd
 - rule_4.1.3.9
+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.10 | PATCH | Ensure successful file system mounts are collected"
 set_fact:
 update_audit_template: true
@@ -140,6 +150,7 @@
 - auditd
 - rule_4.1.3.10
+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.11 | PATCH | Ensure session initiation information is collected"
 set_fact:
 update_audit_template: true
@@ -153,6 +164,7 @@
 - auditd
 - rule_4.1.3.11
+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.12 | PATCH | Ensure login and logout events are collected"
 set_fact:
 update_audit_template: true
@@ -166,6 +178,7 @@
 - auditd
 - rule_4.1.3.12
+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.13 | PATCH | Ensure file deletion events by users are collected"
 set_fact:
 update_audit_template: true
@@ -178,6 +191,7 @@
 - patch
 - rule_4.1.3.13
+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.14 | PATCH | Ensure events that modify the system's Mandatory Access Controls are collected"
 set_fact:
 update_audit_template: true
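Review bot: The context line `- rule_4.1.3_7` in the hunk at `@@ -101,6 +108,7 @@` uses an underscore where every other rule tag visible in this patch uses a dot (`rule_4.1.3.6`, `rule_4.1.3.8`). A run limited with `--tags rule_4.1.3.7`, or one that excludes it with `--skip-tags`, would therefore not match the task for unsuccessful unauthorized file access attempts. The commit edits the line right below it but leaves the tag unchanged; it should read `- rule_4.1.3.7`. The tag list closes the 4.1.3.7 task, whose body starts outside this hunk.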
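Review bot: The tag list that closes the 4.1.3.13 task, visible as context in the hunk at `@@ -178,6 +191,7 @@`, has `- patch` directly above `- rule_4.1.3.13`, where every other task in this patch has `- auditd` in that position. The hunk offsets also make this task one line shorter than its neighbours, so the `auditd` tag is probably missing rather than listed earlier. The start of the list is outside the hunk, so confirm against the file. If it is missing, a run selected with `--tags auditd` would skip the file deletion control; add `- auditd` above `- rule_4.1.3.13`.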
@@ -191,6 +205,7 @@
 - auditd
 - rule_4.1.3.14
+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.15 | PATCH | Ensure successful and unsuccessful attempts to use the chcon command are recorded"
 set_fact:
 update_audit_template: true
@@ -204,6 +219,7 @@
 - auditd
 - rule_4.1.3.15
+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.16 | PATCH | Ensure successful and unsuccessful attempts to use the setfacl command are recorded"
 set_fact:
 update_audit_template: true
@@ -217,6 +233,7 @@
 - auditd
 - rule_4.1.3.16
+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.17 | PATCH | Ensure successful and unsuccessful attempts to use the chacl command are recorded"
 set_fact:
 update_audit_template: true
@@ -230,6 +247,7 @@
 - auditd
 - rule_4.1.3.17
+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.18 | PATCH | Ensure successful and unsuccessful attempts to use the usermod command are recorded"
 set_fact:
 update_audit_template: true
@@ -243,6 +261,7 @@
 - auditd
 - rule_4.1.3.18
+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.19 | PATCH | Ensure kernel module loading and unloading is collected"
 set_fact:
 update_audit_template: true
@@ -256,6 +275,7 @@
 - auditd
 - rule_4.1.3.19
+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.20 | PATCH | Ensure the audit configuration is immutable"
 set_fact:
 update_audit_template: true