sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

updated rule

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2022-07-25 15:25:39 +01:00
parent d3f2677fd5
commit 3c66b3f83c
No known key found for this signature in database
GPG key ID: F734FDFC154B83FB
2 changed files with 5 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

5
tasks/auditd.yml
View file

@ -8,7 +8,6 @@
register: audit_rules_updated register: audit_rules_updated
notify: restart auditd notify: restart auditd
- name: POST | Set up auditd user logging exceptions - name: POST | Set up auditd user logging exceptions
template: template:
src: audit/98_auditd_exception.rules.j2 src: audit/98_auditd_exception.rules.j2
@ -17,7 +16,9 @@
group: root group: root
mode: 0600 mode: 0600
notify: restart auditd notify: restart auditd
when: allow_auditd_uid_user_exclusions when:
- allow_auditd_uid_user_exclusions
- rhel9cis_auditd_uid_exclude | length > 0
- name: POST | AUDITD | Discover if auditd immutable - Set reboot required if auditd immutable - name: POST | AUDITD | Discover if auditd immutable - Set reboot required if auditd immutable
block: block:

4
templates/audit/98_auditd_exception.rules.j2
View file

@ -1,8 +1,8 @@
## This file is managed by Ansible, YOUR CHANGED WILL BE LOST! ## This file is managed by Ansible, YOUR CHANGED WILL BE LOST!
# This file contains users whose actions are not logged by auditd # This file contains users whose actions are not logged by auditd
{% if allow_auditd_uid_user_exclusions %} {% if allow_auditd_uid_user_exclusions %}
{% for user in rhel8cis_auditd_uid_exclude %} {% for user in rhel9cis_auditd_uid_exclude %}
-F uid!={{ user }} -F uid!={{ user }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}