ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 22:23:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

fixed thanks to @brent-bean #301

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2025-02-26 11:27:36 +00:00
parent 40078515fe
commit d6fb1734e3
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
1 changed files with 9 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
templates/audit/99_auditd.rules.j2
View file

@ -23,6 +23,7 @@
-w {{ rhel9cis_sudolog_location }} -p wa -k sudo_log_file -w {{ rhel9cis_sudolog_location }} -p wa -k sudo_log_file
{% endif %} {% endif %}
{% if rhel9cis_rule_6_3_3_4 %} {% if rhel9cis_rule_6_3_3_4 %}
{% set syscalls = ["adjtimex","settimeofday"] %}
{% set arch_syscalls = [] %} {% set arch_syscalls = [] %}
{% for syscall in syscalls %} {% for syscall in syscalls %}
{% if syscall in supported_syscalls %} {% if syscall in supported_syscalls %}
@ -31,6 +32,14 @@
{% endfor %} {% endfor %}
-a always,exit -F arch=b64 -S {{ arch_syscalls|join(',') }} -k time-change -a always,exit -F arch=b64 -S {{ arch_syscalls|join(',') }} -k time-change
-a always,exit -F arch=b32 -S {{ arch_syscalls|join(',') }} -k time-change -a always,exit -F arch=b32 -S {{ arch_syscalls|join(',') }} -k time-change
{% set syscalls = ["clock_settime"] %}
{% set arch_syscalls = [] %}
{% for syscall in syscalls %}
{% if syscall in supported_syscalls %}
{{ arch_syscalls.append(syscall) }}
-a always,exit -F arch=b64 -S {{ arch_syscalls|join(',') }} -F a0=0x0 -k time-change
{% endif %}
{% endfor %}
-w /etc/localtime -p wa -k time-change -w /etc/localtime -p wa -k time-change
{% endif %} {% endif %}
{% if rhel9cis_rule_6_3_3_5 %} {% if rhel9cis_rule_6_3_3_5 %}