Merge "Set action_email_acct in auditd [+Docs]"

doc/metadata/rhel7/RHEL-07-030352.rst

@@ -1,7 +1,14 @@
 ---
 id: RHEL-07-030352
-status: not implemented
-tag: misc
+status: implemented
+tag: auditd
 ---
 
-This STIG requirement is not yet implemented.
+The ``action_mail_acct`` configuration in the audit daemon configuration file
+is set to ``root`` to meet the requirements of the STIG. Deployers can
+customize the recipient of the emails that come from auditd by setting the
+following Ansible variable:
+
+.. code-block:: yaml
+
+    security_rhel7_auditd_action_mail_acct: root

tasks/rhel7stig/auditd.yml

@@ -159,6 +159,9 @@
     - high
     - auditd
     - RHEL-07-030340
+    - RHEL-07 030350
+    - RHEL-07 030351
+    - RHEL-07 030352
 
 - name: Ensure auditd is running and enabled at boot time
   service:

vars/common.yml

@@ -34,6 +34,9 @@ auditd_config:
   - parameter: space_left_action
     value: "{{ security_rhel7_auditd_space_left_action }}"
     config: /etc/audit/auditd.conf
+  - parameter: action_mail_acct
+    value: "{{ security_rhel7_auditd_action_mail_acct }}"
+    config: /etc/audit/auditd.conf
 
 ## auditd rules
 # This variable is used in tasks/rhel7stig/auditd.yml to deploy auditd rules