linting
parent
e2626acf9f
commit
ee72d1960f
@ -13,3 +13,12 @@
|
|||||||
service:
|
service:
|
||||||
name: NetworkManager
|
name: NetworkManager
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
|
||||||
|
- name: regenerate_auditd_rules
|
||||||
|
command: /sbin/augenrules
|
||||||
|
|
||||||
|
- name: restart_auditd
|
||||||
|
service:
|
||||||
|
name: auditd
|
||||||
|
state: restarted
|
||||||
|
|
||||||
|
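Review bot: The new `restart_auditd` handler uses the `service` module with `state: restarted`, which on RHEL-family hosts normally goes through systemd, and the stock auditd unit there refuses a manual stop or restart, so this handler is likely to fail the first time it is notified. The usual workaround is a command-based handler such as `command: /sbin/service auditd restart`. Separately, `regenerate_auditd_rules` runs `/sbin/augenrules` without `--load`, so it only rebuilds the merged rules file; a task that notifies just this handler does not change the running audit configuration until auditd is restarted or the host reboots, so consider `command: /sbin/augenrules --load`.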
@ -35,4 +35,7 @@
|
|||||||
file:
|
file:
|
||||||
path: /var/log/ansible.run
|
path: /var/log/ansible.run
|
||||||
state: touch
|
state: touch
|
||||||
|
mode: '0644'
|
||||||
|
user: root
|
||||||
|
group: root
|
||||||
|
|
||||||
|
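Review bot: `user: root` is not a parameter of the `file` module; ownership is set with `owner`, so the added line makes the task fail with an unsupported-parameter error instead of pinning the ownership of /var/log/ansible.run. Change it to `owner: root`. The same `user: root` line is added to the `copy` task for /etc/security/limits.d/cis.conf in the next file section and needs the same fix. The task's `- name:` line lies outside this hunk.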
@ -21,6 +21,9 @@
|
|||||||
- name: security limits
|
- name: security limits
|
||||||
copy:
|
copy:
|
||||||
dest: "/etc/security/limits.d/cis.conf"
|
dest: "/etc/security/limits.d/cis.conf"
|
||||||
|
user: root
|
||||||
|
group: root
|
||||||
|
mode: '0644'
|
||||||
content: |
|
content: |
|
||||||
* hard core 0
|
* hard core 0
|
||||||
|
|
||||||
@ -109,27 +112,29 @@
|
|||||||
state: present
|
state: present
|
||||||
tags:
|
tags:
|
||||||
- harden
|
- harden
|
||||||
|
|
||||||
- name: Ensure auditd buffer is OK
|
- name: Ensure auditd buffer is OK
|
||||||
replace:
|
replace:
|
||||||
path: /etc/audit/rules.d/audit.rules
|
path: /etc/audit/rules.d/audit.rules
|
||||||
regexp: '-b \d+'
|
regexp: '-b \d+'
|
||||||
replace: '-b {{ audit_buffer }}'
|
replace: '-b {{ audit_buffer }}'
|
||||||
notify:
|
notify:
|
||||||
- regenerate auditd rules
|
- regenerate_auditd_rules
|
||||||
tags:
|
|
||||||
- harden
|
|
||||||
|
|
||||||
- name: Ensure collection audit rules are available
|
|
||||||
template:
|
|
||||||
src: "etc/audit/rules.d/collection.rules.j2"
|
|
||||||
dest: "/etc/audit/rules.d/collection.rules"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
backup: yes
|
|
||||||
notify:
|
|
||||||
- regenerate auditd rules
|
|
||||||
- restart auditd
|
|
||||||
tags:
|
tags:
|
||||||
- harden
|
- harden
|
||||||
|
|
||||||
|
# Leaving this out for now as we don't know the implications of the audit rules
|
||||||
|
# on build systems yet.
|
||||||
|
# - name: Ensure collection audit rules are available
|
||||||
|
# template:
|
||||||
|
# src: "etc/audit/rules.d/collection.rules.j2"
|
||||||
|
# dest: "/etc/audit/rules.d/collection.rules"
|
||||||
|
# owner: root
|
||||||
|
# group: root
|
||||||
|
# backup: yes
|
||||||
|
# notify:
|
||||||
|
# - regenerate_auditd rules
|
||||||
|
# - restart_auditd
|
||||||
|
# tags:
|
||||||
|
# - harden
|
||||||
|
|
||||||
|
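Review bot: In the commented-out collection-rules task the notify entry reads `regenerate_auditd rules`, which does not match the handler name `regenerate_auditd_rules` used elsewhere in this commit, so re-enabling the block as written would fail on a missing handler; correct it now to `# - regenerate_auditd_rules`. When the block is re-enabled it should also get an explicit `mode`, like the other tasks touched here, and `backup: true` rather than `yes`. Disabling the task does not remove /etc/audit/rules.d/collection.rules from hosts that already received it, so audit coverage will presumably differ between older and newly built hosts until a task either restores the rules or removes the file.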
@ -23,6 +23,7 @@
|
|||||||
dest: "/etc/rockybanner"
|
dest: "/etc/rockybanner"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
|
mode: '0644'
|
||||||
notify: restart_ssh
|
notify: restart_ssh
|
||||||
|
|
||||||
- name: Remove dsa keys
|
- name: Remove dsa keys
|
||||||
|