mirror of
https://github.com/rocky-linux/infrastructure
synced 2024-12-22 10:58:29 +00:00
linting
parent
e2626acf9f
commit
ee72d1960f
@ -13,3 +13,12 @@
|
||||
service:
|
||||
name: NetworkManager
|
||||
state: reloaded
|
||||
|
||||
- name: regenerate_auditd_rules
|
||||
command: /sbin/augenrules
|
||||
|
||||
- name: restart_auditd
|
||||
service:
|
||||
name: auditd
|
||||
state: restarted
|
||||
|
||||
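Review bot: The `regenerate_auditd_rules` handler runs `/sbin/augenrules` with no arguments, which only rebuilds `/etc/audit/audit.rules` from `rules.d` and does not load the result into the kernel. A task that notifies this handler alone therefore leaves the host auditing with the old rule set until auditd is next restarted; consider `command: /sbin/augenrules --load`. Separately, `restart_auditd` goes through the `service` module, and on EL hosts the packaged auditd unit normally refuses a manual stop or restart through systemd, so this handler is likely to fail when it fires. The usual workaround is `command: /sbin/service auditd restart`, which is worth confirming on a Rocky host. The handlers file starts above this hunk.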
|
@ -35,4 +35,7 @@
|
||||
file:
|
||||
path: /var/log/ansible.run
|
||||
state: touch
|
||||
mode: '0644'
|
||||
user: root
|
||||
group: root
|
||||
|
||||
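Review bot: `user: root` is not a parameter of the `file` module; ownership is set with `owner`, so this task will stop with an unsupported-parameter error instead of enforcing root ownership on `/var/log/ansible.run`. Change the line to `owner: root`. The same `user: root` appears in the `security limits` task, whose `copy` module writes `/etc/security/limits.d/cis.conf` in the next file section, and it needs the same fix. The task's `- name:` line sits above this hunk.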
|
@ -21,6 +21,9 @@
|
||||
- name: security limits
|
||||
copy:
|
||||
dest: "/etc/security/limits.d/cis.conf"
|
||||
user: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
content: |
|
||||
* hard core 0
|
||||
|
||||
@ -109,27 +112,29 @@
|
||||
state: present
|
||||
tags:
|
||||
- harden
|
||||
|
||||
|
||||
- name: Ensure auditd buffer is OK
|
||||
replace:
|
||||
path: /etc/audit/rules.d/audit.rules
|
||||
regexp: '-b \d+'
|
||||
replace: '-b {{ audit_buffer }}'
|
||||
notify:
|
||||
- regenerate auditd rules
|
||||
tags:
|
||||
- harden
|
||||
|
||||
- name: Ensure collection audit rules are available
|
||||
template:
|
||||
src: "etc/audit/rules.d/collection.rules.j2"
|
||||
dest: "/etc/audit/rules.d/collection.rules"
|
||||
owner: root
|
||||
group: root
|
||||
backup: yes
|
||||
notify:
|
||||
- regenerate auditd rules
|
||||
- restart auditd
|
||||
- regenerate_auditd_rules
|
||||
tags:
|
||||
- harden
|
||||
|
||||
# Leaving this out for now as we don't know the implications of the audit rules
|
||||
# on build systems yet.
|
||||
# - name: Ensure collection audit rules are available
|
||||
# template:
|
||||
# src: "etc/audit/rules.d/collection.rules.j2"
|
||||
# dest: "/etc/audit/rules.d/collection.rules"
|
||||
# owner: root
|
||||
# group: root
|
||||
# backup: yes
|
||||
# notify:
|
||||
# - regenerate_auditd rules
|
||||
# - restart_auditd
|
||||
# tags:
|
||||
# - harden
|
||||
|
||||
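Review bot: The commented-out notify list names `regenerate_auditd rules` (underscore, then a space), which matches neither spelling of the handler, so re-enabling the block as written would fail with a missing-handler error the first time the template changes; it should read `- regenerate_auditd_rules`. The diff markers are lost in this view, but the `Ensure auditd buffer is OK` task also shows `- regenerate auditd rules`. If that line is on the new side, it has the same mismatch with the handler named `regenerate_auditd_rules`. With the collection rules commented out, hosts get only the buffer setting and whatever already sits in `audit.rules`. Gating the task with a `when:` on a variable that is off for build systems would keep audit coverage on the other hosts.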
|
@ -23,6 +23,7 @@
|
||||
dest: "/etc/rockybanner"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
notify: restart_ssh
|
||||
|
||||
- name: Remove dsa keys
|
||||
|