sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

task change

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2023-01-12 13:38:37 +00:00
parent b347e5dd00
commit 572f14ef6b
No known key found for this signature in database
GPG key ID: 1DE02A772D0908F9
1 changed files with 12 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

18
tasks/section_1/cis_1.3.x.yml
View file

@ -48,12 +48,18 @@
- patch
- rule_1.3.2
- name: "1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools"
ansible.builtin.template:
src: etc/aide.conf.d/crypt_audit_procs.conf.j2
dest: /etc/aide.conf.d/crypt_audit_procs.conf
owner: root
group: 0640
- name: "1.3.3 | Ensure cryptographic mechanisms are used to protect the integrity of audit tools"
ansible.builtin.blockinfile:
path: /etc/aide.conf
marker: "# {mark} Audit tools (CIS - Ansible)"
block: |
/sbin/auditctl p+i+n+u+g+s+b+acl+xattrs+sha512
/sbin/auditd p+i+n+u+g+s+b+acl+xattrs+sha512
/sbin/augenrules p+i+n+u+g+s+b+acl+xattrs+sha512
/sbin/aureport p+i+n+u+g+s+b+acl+xattrs+sha512
/sbin/ausearch p+i+n+u+g+s+b+acl+xattrs+sha512
/sbin/autrace p+i+n+u+g+s+b+acl+xattrs+sha512
validate: aide -D --config %s
when:
- rhel9cis_rule_1_3_2
- not system_is_ec2