sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

new control option due to space on auditing

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2022-07-25 14:53:05 +01:00
parent 595b952089
commit d3f2677fd5
No known key found for this signature in database
GPG key ID: F734FDFC154B83FB
2 changed files with 19 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

11
tasks/auditd.yml
View file

@ -8,6 +8,17 @@
register: audit_rules_updated register: audit_rules_updated
notify: restart auditd notify: restart auditd
- name: POST | Set up auditd user logging exceptions
template:
src: audit/98_auditd_exception.rules.j2
dest: /etc/audit/rules.d/98_auditd_exceptions.rules
owner: root
group: root
mode: 0600
notify: restart auditd
when: allow_auditd_uid_user_exclusions
- name: POST | AUDITD | Discover if auditd immutable - Set reboot required if auditd immutable - name: POST | AUDITD | Discover if auditd immutable - Set reboot required if auditd immutable
block: block:
- name: POST | AUDITD | Discover if auditd immutable - will require reboot if auditd template applied - name: POST | AUDITD | Discover if auditd immutable - will require reboot if auditd template applied

8
templates/audit/98_auditd_exception.rules.j2 Normal file
View file

@ -0,0 +1,8 @@
## This file is managed by Ansible, YOUR CHANGED WILL BE LOST!
# This file contains users whose actions are not logged by auditd
{% if allow_auditd_uid_user_exclusions %}
{% for user in rhel8cis_auditd_uid_exclude %}
-F uid!={{ user }}
{% endfor %}
{% endif %}