RHEL9-CIS/tasks/section_6/cis_6.3.4.x.yml
Mark Bolwell 3b346f7fe1
initial v2
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2024-07-24 14:05:46 +01:00


---
- name: "6.3.4.1 | PATCH | Ensure the audit log file directory mode is configured"
  when:
    - rhel9cis_rule_6_3_4_1
  tags:
    - level2-server
    - level2-workstation
    - patch
    - auditd
    - rule_6.3.4.1
    - NIST800-53R5_AU-3
  vars:
    # Directory that holds the log named by log_file in auditd.conf.
    # NOTE(review): audit_discovered_logfile is registered by the 6.3.4.2
    # discovery task further down this file. Unless an earlier (prelim) task
    # also sets it, this block runs before that register and the variable is
    # undefined here -- confirm the ordering.
    audit_log_dir: "{{ audit_discovered_logfile.stdout | dirname }}"
  block:
    - name: "6.3.4.1 | AUDIT | Ensure the audit log file directory mode is configured | get current permissions"
      ansible.builtin.stat:
        path: "{{ audit_log_dir }}"
      # Not consumed anywhere in this file; presumably read by another task.
      register: auditlog_dir

    - name: "6.3.4.1 | PATCH | Ensure the audit log file directory mode is configured | set"
      ansible.builtin.file:
        path: "{{ audit_log_dir }}"
        state: directory
        # Strip group write and all "other" access (0750 or more restrictive);
        # owner bits are left as found.
        mode: 'g-w,o-rwx'
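- name: |
    "6.3.4.2 | PATCH | Ensure audit log files mode is configured"
    "6.3.4.3 | PATCH | Ensure audit log files owner is configured"
    "6.3.4.4 | PATCH | Ensure only authorized groups are assigned ownership of audit log files"
  when:
    - rhel9cis_rule_6_3_4_2 or rhel9cis_rule_6_3_4_3 or rhel9cis_rule_6_3_4_4
  tags:
    - level2-server
    - level2-workstation
    - patch
    - auditd
    # Tags now match the rules this task implements (the original carried
    # rule_6.3.4.1 and omitted rule_6.3.4.4).
    - rule_6.3.4.2
    - rule_6.3.4.3
    - rule_6.3.4.4
    - NIST800-53R5_AU-3
  block:
    - name: "6.3.4.2 | AUDIT | Ensure audit log files mode is configured | discover file"
      # Last whitespace-separated token of the "log_file = ..." line.
      ansible.builtin.shell: grep ^log_file /etc/audit/auditd.conf | awk '{ print $NF }'
      changed_when: false
      # Run the discovery under --check too, otherwise the file task below
      # sees an undefined audit_discovered_logfile.
      check_mode: false
      # An empty result (no log_file line, unreadable auditd.conf) would
      # otherwise surface as an obscure error from the file module.
      failed_when: audit_discovered_logfile.stdout | length == 0
      register: audit_discovered_logfile

    - name: |
        "6.3.4.2 | PATCH | Ensure audit log files mode is configured"
        "6.3.4.3 | PATCH | Ensure audit log files owner is configured"
        "6.3.4.4 | PATCH | Ensure audit log files group owner is configured"
      ansible.builtin.file:
        path: "{{ audit_discovered_logfile.stdout }}"
        # 0640 or more restrictive: drop owner execute, group write/execute and
        # all "other" access. The original 'o-x,g-wx,o-rwx' repeated the
        # "other" class and never cleared the owner execute bit.
        # Each attribute is applied only when its own rule toggle is enabled;
        # omit leaves it untouched.
        mode: "{{ 'u-x,g-wx,o-rwx' if rhel9cis_rule_6_3_4_2 else omit }}"
        owner: "{{ 'root' if rhel9cis_rule_6_3_4_3 else omit }}"
        # NOTE(review): auditd applies log_group from auditd.conf to the logs
        # it writes; if log_group is set to a group other than root this task
        # and auditd will keep overriding each other -- verify the setting.
        group: "{{ 'root' if rhel9cis_rule_6_3_4_4 else omit }}"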
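- name: "6.3.4.5 | PATCH | Ensure audit configuration files mode is configured"
  when:
    - rhel9cis_rule_6_3_4_5
  tags:
    - level2-server
    - level2-workstation
    - patch
    - auditd
    - rule_6.3.4.5
  ansible.builtin.file:
    path: "{{ item.path }}"
    # 0640 or more restrictive: drop owner execute, group write/execute and
    # all "other" access.
    mode: 'u-x,g-wx,o-rwx'
  # auditd_conf_files is registered outside this file (not visible here).
  # default([]) brings this task in line with 6.3.4.6 / 6.3.4.7: an undefined
  # result skips the loop instead of aborting the play. Be aware that this
  # also means nothing is hardened in that case.
  loop: "{{ auditd_conf_files.files | default([]) }}"
  loop_control:
    label: "{{ item.path }}"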
- name: "6.3.4.6 | PATCH | Ensure audit configuration files owner is configured"
  tags:
    - level2-server
    - level2-workstation
    - patch
    - auditd
    - rule_6.3.4.6
  when:
    - rhel9cis_rule_6_3_4_6
  vars:
    # Paths from the auditd_conf_files register (set outside this file); an
    # undefined register yields an empty list and the task does nothing.
    auditd_conf_paths: "{{ auditd_conf_files.files | default([]) | map(attribute='path') | list }}"
  ansible.builtin.file:
    path: "{{ item }}"
    owner: root
  loop: "{{ auditd_conf_paths }}"
  loop_control:
    label: "{{ item }}"
- name: "6.3.4.7 | PATCH | Ensure audit configuration files group owner is configured"
  tags:
    - level2-server
    - level2-workstation
    - patch
    - auditd
    - rule_6.3.4.7
  when:
    - rhel9cis_rule_6_3_4_7
  vars:
    # Paths from the auditd_conf_files register (set outside this file); an
    # undefined register yields an empty list and the task does nothing.
    auditd_conf_paths: "{{ auditd_conf_files.files | default([]) | map(attribute='path') | list }}"
  ansible.builtin.file:
    path: "{{ item }}"
    group: root
  loop: "{{ auditd_conf_paths }}"
  loop_control:
    label: "{{ item }}"
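- name: "6.3.4.8 | PATCH | Ensure audit tools mode is configured"
  when:
    - rhel9cis_rule_6_3_4_8
  tags:
    - level2-server
    - level2-workstation
    - patch
    - auditd
    - rule_6.3.4.8
    - NIST800-53R5_AU-3
  ansible.builtin.file:
    # The loop is a plain list of strings, so the element itself is the path.
    # The original "{{ item.item }}" addressed a result-style item and would
    # fail on every iteration.
    path: "{{ item }}"
    # 0755 or more restrictive: clear group/other write; no bits are added.
    mode: 'go-w'
  loop:
    - /sbin/auditctl
    - /sbin/aureport
    - /sbin/ausearch
    - /sbin/autrace
    - /sbin/auditd
    - /sbin/augenrules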
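- name: "6.3.4.9 | PATCH | Ensure audit tools owner is configured"
  when:
    - rhel9cis_rule_6_3_4_9
  tags:
    - level2-server
    - level2-workstation
    - patch
    - auditd
    - rule_6.3.4.9
  ansible.builtin.file:
    path: "{{ item }}"
    # Only the owner is set here. Group ownership is rule 6.3.4.10 and has its
    # own toggle; the original also forced group root from this task, which
    # silently bypassed rhel9cis_rule_6_3_4_10.
    owner: root
  loop:
    - /sbin/auditctl
    - /sbin/aureport
    - /sbin/ausearch
    - /sbin/autrace
    - /sbin/auditd
    - /sbin/augenrules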
- name: "6.3.4.10 | PATCH | Ensure audit tools group owner is configured"
  tags:
    - level2-server
    - level2-workstation
    - patch
    - auditd
    - rule_6.3.4.10
    - NIST800-53R5_AU-3
  when:
    - rhel9cis_rule_6_3_4_10
  vars:
    # Audit tooling whose group ownership is enforced (on RHEL 9 /sbin
    # resolves to /usr/sbin, so these paths still apply).
    audit_tool_paths:
      - /sbin/auditctl
      - /sbin/aureport
      - /sbin/ausearch
      - /sbin/autrace
      - /sbin/auditd
      - /sbin/augenrules
  ansible.builtin.file:
    path: "{{ item }}"
    group: root
  loop: "{{ audit_tool_paths }}"