---
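# CIS 4.1.1.1: install the audit daemon package and its libraries.
# The whole block is gated by the rhel9cis_rule_4_1_1_1 toggle.
- name: "4.1.1.1 | PATCH | Ensure auditd is installed"
  block:
    - name: "4.1.1.1 | PATCH | Ensure auditd is installed | Install auditd packages"
      ansible.builtin.package:
        name: audit
        state: present
      # The guard has to test the package name installed above ("audit").
      # The earlier key "auditd" is not a package name this task installs,
      # so the test was always true and the guard skipped nothing.
      # NOTE(review): assumes ansible_facts.packages is populated by an
      # earlier package_facts run - confirm in the role's prelim tasks.
      when: '"audit" not in ansible_facts.packages'

    - name: "4.1.1.1 | PATCH | Ensure auditd is installed | Install auditd-lib packages"
      ansible.builtin.package:
        name: audit-libs
        state: present
      # Same correction: match the installed package name ("audit-libs").
      when: '"audit-libs" not in ansible_facts.packages'
  when:
    - rhel9cis_rule_4_1_1_1
  tags:
    - level2-server
    - level2-workstation
    - patch
    - auditd
    - rule_4.1.1.1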
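# CIS 4.1.1.2: put audit=1 on the kernel command line of every boot entry so
# that processes started before auditd comes up are still audited.
- name: "4.1.1.2 | PATCH | Ensure auditing for processes that start prior to auditd is enabled"
  block:
    # Read-only probe: extracts the numeric value of audit= from the grubby
    # boot entries. It never fails or reports a change, and it also runs in
    # check mode so the decision below has data to work with.
    - name: "4.1.1.2 | PATCH | Ensure auditing for processes that start prior to auditd is enabled | Grubby existence of current value"
      ansible.builtin.shell: grubby --info=ALL | grep args | grep -o -E "audit=([[:digit:]])+" | grep -o -E "([[:digit:]])+"
      changed_when: false
      failed_when: false
      check_mode: false
      register: rhel9cis_4_1_1_2_grubby_curr_value_audit_linux

    # No shell features are needed for the update, so the command module is
    # used instead of shell.
    - name: "4.1.1.2 | PATCH | Ensure auditing for processes that start prior to auditd is enabled | Grubby update, if needed"
      ansible.builtin.command: grubby --update-kernel=ALL --args="audit=1"
      # The registered result is a dict, so the comparison must read its
      # stdout. Casting the dict itself with int gives 0, which made the
      # old condition true on every run.
      # Empty or multi-line stdout (argument absent, or several boot entries
      # reporting a value) also casts to 0, so the update runs again. That
      # errs on the safe side because grubby rewrites the same argument.
      when:
        - >-
          rhel9cis_4_1_1_2_grubby_curr_value_audit_linux.stdout is not defined or
          rhel9cis_4_1_1_2_grubby_curr_value_audit_linux.stdout | int != 1
  when:
    - rhel9cis_rule_4_1_1_2
  tags:
    - level2-server
    - level2-workstation
    - patch
    - auditd
    - grub
    - rule_4.1.1.2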
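# CIS 4.1.1.3: set audit_backlog_limit on the kernel command line to at least
# rhel9cis_audit_back_log_limit, so audit records generated before auditd
# starts are queued rather than dropped.
- name: "4.1.1.3 | PATCH | Ensure audit_backlog_limit is sufficient"
  block:
    # Read-only probe: extracts the numeric value of audit_backlog_limit=
    # from the grubby boot entries. It never fails or reports a change, and
    # it also runs in check mode.
    - name: "4.1.1.3 | AUDIT | Ensure audit_backlog_limit is sufficient | Grubby existence of current value"
      ansible.builtin.shell: grubby --info=ALL | grep args | grep -o -E "audit_backlog_limit=([[:digit:]])+" | grep -o -E "([[:digit:]])+"
      changed_when: false
      failed_when: false
      check_mode: false
      register: rhel9cis_4_1_1_3_grubby_curr_value_backlog_linux

    # The command module is used so the templated limit is never interpreted
    # by a shell; the update needs no pipes or redirection.
    - name: "4.1.1.3 | AUDIT | Ensure audit_backlog_limit is sufficient | Grubby update, if needed"
      ansible.builtin.command: grubby --update-kernel=ALL --args="audit_backlog_limit={{ rhel9cis_audit_back_log_limit }}"
      # Compare against the value registered by THIS rule's probe. The old
      # condition read the 4.1.1.2 register (the audit= flag), so the
      # configured backlog was never actually checked.
      # Both sides are cast to int so a limit supplied as a string still
      # compares numerically. Empty or multi-line stdout casts to 0 and
      # triggers the update, which errs on the safe side.
      when:
        - >-
          rhel9cis_4_1_1_3_grubby_curr_value_backlog_linux.stdout is not defined or
          rhel9cis_4_1_1_3_grubby_curr_value_backlog_linux.stdout | int < rhel9cis_audit_back_log_limit | int
  when:
    - rhel9cis_rule_4_1_1_3
  tags:
    - level2-server
    - level2-workstation
    - patch
    - auditd
    - grub
    - rule_4.1.1.3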
# CIS 4.1.1.4: keep the auditd unit enabled at boot and running now.
# Gated by the rhel9cis_rule_4_1_1_4 toggle.
- name: "4.1.1.4 | PATCH | Ensure auditd service is enabled"
  ansible.builtin.systemd:
    name: auditd
    # enabled covers the next boot, state covers the current session.
    enabled: true
    state: started
  when:
    - rhel9cis_rule_4_1_1_4
  tags:
    - level2-server
    - level2-workstation
    - patch
    - auditd
    - rule_4.1.1.4