ansible-lockdown / RHEL7-STIG

Ansible role for Red Hat 7 STIG Baseline


Make auditd process a var

bordenit opened this issue · comments

Feature Request or Enhancement

  • Feature []
  • Enhancement [ x ]

Summary of Request
The audit daemon is not always auditd. Instead of restarting auditd, or notifying auditd, consider replacing it with "{{ audit_daemon_service | default ('auditd') }}". The STIG says, "the audit daemon must be restarted for the changes to take effect." This is not specific to auditd.

Describe alternatives you've considered
Manually editing file.

Suggested Code
Please provide any code you have in mind to fulfill the request

auditctl might not be pointing to auditd, but to another process. Without this var option, the handler to restart auditd will fail, since in some cases auditd should not be started. However, the auditd rules, when being scanned by a vulnerability scanner, can still be applied with the auditd tag, and the playbook can finish if this var is added.

hi @bordenit

Thank you again for raising this issue. This has now been merged into the devel branch. Aiming to put this into main if all is well in the next couple of weeks.

many thanks again

uk-bolly

hi @bordenit

This was merged into main a couple of weeks ago. I will close this issue; please let me know if this continues to be a problem.

thanks as always

uk-bolly
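
The handler change requested in this issue, sketched as an added example (not the role's own code and not from the thread). The play layout, task and handler names, the rules file name and the sample watch rule are assumptions; only the `audit_daemon_service` variable and its `auditd` default come from the request.

```yaml
# Added illustration: names below are hypothetical, not taken from the RHEL7-STIG role.
- name: Apply audit rules and restart whichever daemon consumes them
  hosts: all
  become: true

  # To target a different audit daemon, set the variable in inventory or
  # group_vars, for example:
  #   audit_daemon_service: <your-audit-daemon-service>   # placeholder value
  # When it is unset, the handler falls back to auditd.

  tasks:
    - name: Deploy a sample audit rule (constructed example rule)
      ansible.builtin.copy:
        dest: /etc/audit/rules.d/99-example.rules
        content: |
          -w /etc/sudoers -p wa -k actions
        owner: root
        group: root
        mode: "0600"
      notify: Restart audit daemon
      tags:
        - auditd

  handlers:
    - name: Restart audit daemon
      # The stock auditd unit on RHEL 7 refuses a manual systemctl stop,
      # so the restart goes through the service wrapper instead.
      ansible.builtin.command: >-
        /sbin/service {{ audit_daemon_service | default('auditd') }} restart
      changed_when: true
```

With the variable overridden, tasks tagged `auditd` still write the rules and the play completes without trying to start auditd on hosts where it should stay stopped.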