openstack
/
ansible-hardening
Code Issues Proposed changes

Add network conf auditing on CentOS 

This patch adds in auditing for /etc/sysconfig/network.

Closes-bug: 1622674
Change-Id: I0de15a130161ed1f8a6bdb2a7de33c55b91d6609
This commit is contained in:
Major Hayden 2016-09-12 14:51:58 -05:00
parent 79eeaa43fb
commit c93b1676cc
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
templates/osas-auditd.j2
View File

@ -61,8 +61,12 @@
-w /etc/issue -p wa -k audit_network_modifications-V-38540
-w /etc/issue.net -p wa -k audit_network_modifications-V-38540
-w /etc/hosts -p wa -k audit_network_modifications-V-38540
{% if ansible_os_family == "RedHat" %}
-w /etc/sysconfig/network -p wa -k audit_network_modifications-V-38540
{% elif ansible_os_family == "Debian" %}
-w /etc/network -p wa -k audit_network_modifications-V-38540
{% endif %}
{% endif %}
{% if linux_security_module == 'apparmor' and security_audit_mac_changes | bool %}
# RHEL 6 STIG V-38541