Exentsion to auditd

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2022-10-14 12:29:06 +01:00 · 2022-10-14 12:29:06 +01:00 · 1d96539637
commit 1d96539637
parent acdb56a277
2 changed files with 23 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -508,6 +508,13 @@ update_audit_template: false
 ## Advanced option found in auditd post
 allow_auditd_uid_user_exclusions: false

+
+# This can be used to configure other keys in auditd.conf
+rhel9cis_auditd_extra_conf: {}
+# Example:
+# rhel9cis_auditd_extra_conf:
+#     admin_space_left: '10%'
+
 ## Preferred method of logging
 ## Whether rsyslog or journald preferred method for local logging
 ## Affects rsyslog cis 4.2.1.3 and journald cis 4.2.2.5
--- a/tasks/section_4/cis_4.1.2.x.yml
+++ b/tasks/section_4/cis_4.1.2.x.yml
@ -51,3 +51,19 @@
      - patch
      - auditd
      - rule_4.1.2.3
+
+- name: PATCH | Configure other keys for auditd.conf
+  lineinfile:
+      path: /etc/audit/auditd.conf
+      regexp: "^{{ item }}( |=)"
+      line: "{{ item }} = {{ rhel9cis_auditd_extra_conf[item] }}"
+  loop: "{{ rhel9cis_auditd_extra_conf.keys() }}"
+  notify: restart auditd
+  when:
+    - rhel9cis_auditd_extra_conf.keys() | length > 0
+  tags:
+      - level2-server
+      - level2-workstation
+      - automated
+      - patch
+      - auditd