sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

Added audit template change warn control

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2023-02-28 14:28:48 +00:00
parent 0ab1bdd120
commit 37f0eec4d4
No known key found for this signature in database
GPG key ID: 1DE02A772D0908F9
2 changed files with 10 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
tasks/auditd.yml
View file

@ -13,11 +13,20 @@
group: root
mode: 0640
diff: "{{ auditd_file.stat.exists }}" # Only run diff if not a new file
register: auditd_template_updated
notify:
- Auditd immutable check
- Audit immutable fact
- Restart auditd
- name: POST | AUDITD | Add Warning count for changes to template file | Warn Count # noqa: no-handler
ansible.builtin.import_tasks: warning_facts.yml
vars:
warn_control_id: 'Auditd_template_updated-see-diff-output'
when:
- auditd_template_updated.changed
- auditd_file.stat.exists
- name: POST | AUDITD | Apply auditd template will for section 4.1.3 - only required rules will be added | stat file
ansible.builtin.stat:
path: /etc/audit/rules.d/98_auditd_exceptions.rules