Make auditd process a var
bordenit opened this issue · comments
Feature Request or Enhancement
- [ ] Feature
- [x] Enhancement
Summary of Request
The audit daemon is not always auditd. Instead of restarting auditd, or notifying auditd, consider replacing it with "{{ audit_daemon_service | default('auditd') }}". The STIG says, "the audit daemon must be restarted for the changes to take effect." This is not specific to auditd.
Describe alternatives you've considered
Manually editing file.
Suggested Code
Please provide any code you have in mind to fulfill the request
auditctl might not be pointing to auditd, but to another process. Without this var option, the handler to restart auditd will fail, since in some cases auditd should not be started. However, the auditd rules, when being scanned by a vulnerability scanner, can still be applied with the auditd tag, and the playbook can finish if this var is added.
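A sketch of what the requested handler could look like, added here as an illustration and not taken from the project's own handlers. Only the variable `audit_daemon_service` comes from the issue; the handler names, the `restart audit daemon` listen topic, and the service-presence check are assumptions.

```yaml
# handlers/main.yml (hypothetical layout, not the role's actual file)
# Tasks would use `notify: restart audit daemon` instead of naming auditd.

- name: Collect service facts before touching the audit daemon
  ansible.builtin.service_facts:
  listen: restart audit daemon

- name: Restart the configured audit daemon
  # On RHEL-family hosts auditd.service sets RefuseManualStop=yes, so a
  # plain `systemctl restart auditd` is refused; the `service` wrapper is
  # used here because it handles auditd and also redirects to systemctl
  # for ordinary units.
  ansible.builtin.command:
    argv:
      - /sbin/service
      - "{{ audit_daemon_service | default('auditd') }}"
      - restart
  changed_when: true
  # Skip cleanly when the named unit is not installed on this host, so
  # rule files can still be written and the play can finish.
  when: >-
    ((audit_daemon_service | default('auditd')) ~ '.service')
    in ansible_facts.services
  listen: restart audit daemon
```

With this shape, a host that ships a different audit daemon sets `audit_daemon_service` in its inventory or group vars, and hosts that leave it unset keep the current auditd behaviour.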