ansible-ops-management/tasks/auditd.yml
2023-08-14 00:34:58 -07:00

44 lines
1 KiB
YAML

---
- name: Ensure auditd is installed
ansible.builtin.package:
name: audit
state: present
tags:
- harden
- name: Ensure auditd is enabled
ansible.builtin.service:
name: auditd
enabled: true
- name: Ensure auditd buffer is OK
ansible.builtin.replace:
path: /etc/audit/rules.d/audit.rules
regexp: '-b \d+'
replace: '-b {{ audit_buffer }}'
notify:
- regenerate_auditd_rules
tags:
- harden
- name: Collect specific executables for dynamic list
ansible.builtin.command: "find /usr/bin /usr/sbin /usr/lib /usr/libexec -xdev -perm /6000 -type f"
register: exec_find_output
- name: Set variable for above collection
ansible.builtin.set_fact:
audit_suid_list: "{{ exec_find_output.stdout_lines }}"
- name: Ensure collection audit rules are available
ansible.builtin.template:
src: "etc/audit/rules.d/collection.rules.j2"
dest: "/etc/audit/rules.d/collection.rules"
owner: root
group: root
mode: '0600'
backup: true
notify:
- regenerate_auditd_rules
tags:
- harden
...