Aded comments to each control for auditd

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-12-24 22:23:06 +00:00 · 2022-07-29 18:35:54 +01:00 · 2022-07-29 18:35:54 +01:00 · c697431c00
commit c697431c00
parent 6d35017059
1 changed files with 20 additions and 0 deletions
--- a/tasks/section_4/cis_4.1.3.x.yml
+++ b/tasks/section_4/cis_4.1.3.x.yml
@ -1,5 +1,6 @@
 ---

+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.1 | PATCH | Ensure changes to system administration scope (sudoers) is collected"
  set_fact:
      update_audit_template: true
@ -13,6 +14,7 @@
      - auditd
      - rule_4.1.3.1

+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.2 | PATCH | Ensure actions as another user are always logged"
  set_fact:
      update_audit_template: true
@ -26,6 +28,7 @@
      - auditd
      - rule_4.1.3.2

+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.3 | PATCH | Ensure events that modify the sudo log file are collected"
  set_fact:
      update_audit_template: true
@ -39,6 +42,7 @@
      - auditd
      - rule_4.1.3.3

+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.4 | PATCH | Ensure events that modify date and time information are collected"
  set_fact:
      update_audit_template: true
@ -52,6 +56,7 @@
      - auditd
      - rule_4.1.3.4

+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.5 | PATCH | Ensure events that modify the system's network environment are collected"
  set_fact:
      update_audit_template: true
@ -65,6 +70,7 @@
      - auditd
      - rule_4.1.3.5

+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.6 | PATCH | Ensure use of privileged commands is collected"
  block:
      - name: "4.1.3.6 | PATCH | Ensure use of privileged commands is collected"
@ -88,6 +94,7 @@
      - auditd
      - rule_4.1.3.6

+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.7 | PATCH | Ensure unsuccessful unauthorized file access attempts are collected"
  set_fact:
      update_audit_template: true
@ -101,6 +108,7 @@
      - auditd
      - rule_4.1.3_7

+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.8 | PATCH | Ensure events that modify user/group information are collected"
  set_fact:
      update_audit_template: true
@ -114,6 +122,7 @@
      - auditd
      - rule_4.1.3.8

+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.9 | PATCH | Ensure discretionary access control permission modification events are collected"
  set_fact:
      update_audit_template: true
@ -127,6 +136,7 @@
      - auditd
      - rule_4.1.3.9

+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.10 | PATCH | Ensure successful file system mounts are collected"
  set_fact:
      update_audit_template: true
@ -140,6 +150,7 @@
      - auditd
      - rule_4.1.3.10

+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.11 | PATCH | Ensure session initiation information is collected"
  set_fact:
      update_audit_template: true
@ -153,6 +164,7 @@
      - auditd
      - rule_4.1.3.11

+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.12 | PATCH | Ensure login and logout events are collected"
  set_fact:
      update_audit_template: true
@ -166,6 +178,7 @@
      - auditd
      - rule_4.1.3.12

+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.13 | PATCH | Ensure file deletion events by users are collected"
  set_fact:
      update_audit_template: true
@ -178,6 +191,7 @@
      - patch
      - rule_4.1.3.13

+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.14 | PATCH | Ensure events that modify the system's Mandatory Access Controls are collected"
  set_fact:
      update_audit_template: true
@ -191,6 +205,7 @@
      - auditd
      - rule_4.1.3.14

+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.15 | PATCH | Ensure successful and unsuccessful attempts to use the chcon command are recorded"
  set_fact:
      update_audit_template: true
@ -204,6 +219,7 @@
      - auditd
      - rule_4.1.3.15

+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.16 | PATCH | Ensure successful and unsuccessful attempts to use the setfacl command are recorded"
  set_fact:
      update_audit_template: true
@ -217,6 +233,7 @@
      - auditd
      - rule_4.1.3.16

+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.17 | PATCH | Ensure successful and unsuccessful attempts to use the chacl command are recorded"
  set_fact:
      update_audit_template: true
@ -230,6 +247,7 @@
      - auditd
      - rule_4.1.3.17

+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.18 | PATCH | Ensure successful and unsuccessful attempts to use the usermod command are recorded"
  set_fact:
      update_audit_template: true
@ -243,6 +261,7 @@
      - auditd
      - rule_4.1.3.18

+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.19 | PATCH | Ensure kernel module loading and unloading is collected"
  set_fact:
      update_audit_template: true
@ -256,6 +275,7 @@
      - auditd
      - rule_4.1.3.19

+# All changes selected are managed by the POST audit and handlers to update
 - name: "4.1.3.20 | PATCH | Ensure the audit configuration is immutable"
  set_fact:
      update_audit_template: true