Set space_left in auditd [+Docs]
This patch sets the `space_left` in the auditd config to 25% of the disk space on the root disk. Deployers can customize this variable. Documentation is included.

Implements: blueprint security-rhel7-stig
Change-Id: I7a91a756fb920decbd1056e7f11f7dd548f2cac8
parent 8268a2ead6
commit 42ca47bb41
|
@ -394,6 +394,8 @@ security_rhel7_audit_failure_flag: 1 # RHEL-07-030090
|
|||
# Set the action to take when the disk is full or network events cannot be sent.
|
||||
security_rhel7_auditd_disk_full_action: syslog # RHEL-07-030340
|
||||
security_rhel7_auditd_network_failure_action: syslog # RHEL-07-030340
|
||||
# Size of remaining disk space (in MB) that triggers alerts.
|
||||
security_rhel7_auditd_space_left: "{{ (ansible_mounts | selectattr('mount', 'equalto', '/') | map(attribute='size_total') | first * 0.25 / 1024 / 1024) | int }}" # RHEL-07-030350
|
||||
# Add audit rules for commands/syscalls.
|
||||
security_rhel7_audit_chsh: yes # RHEL-07-030525
|
||||
security_rhel7_audit_chage: yes # RHEL-07-030513
|
||||
|
|
|
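Review bot: The default for `security_rhel7_auditd_space_left` is computed from the filesystem mounted on `/`, but auditd applies `space_left` to the free space on the filesystem that holds its log file, so on hosts with a separate audit log partition this value can be wrong or even larger than the whole partition. Consider selecting the mount that contains the audit log directory and falling back to `/`. The expression also has no guard for `ansible_mounts` being undefined or having no `/` entry (fact gathering disabled, some container hosts), where `| first` makes the template fail; a `default` or an explicit assert with a clear message would help.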
@ -1,7 +1,16 @@
|
|||
---
|
||||
id: RHEL-07-030350
|
||||
status: not implemented
|
||||
tag: misc
|
||||
status: implemented
|
||||
tag: auditd
|
||||
---
|
||||
|
||||
This STIG requirement is not yet implemented.
|
||||
The ``space_left`` configuration is set to 25% of the size of the disk mounted
|
||||
on ``/``. This calculation is done automatically.
|
||||
|
||||
Deployers can set a custom threshold for the ``space_left`` configuration (in
|
||||
megabytes) by setting the following Ansible variable:
|
||||
|
||||
.. code-block:: yaml
|
||||
|
||||
# Example: A setting of 1GB (1024MB)
|
||||
security_rhel7_auditd_space_left: 1024
|
||||
|
|
|
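Review bot: The new text says what the threshold is but not what happens when it is reached; the paragraph ending "This calculation is done automatically." should state that `space_left` only triggers whatever `space_left_action` is configured in `auditd.conf`, which the visible change does not set. It would also help to say that the automatic value depends on gathered mount facts for `/`, so deployers who run with fact gathering disabled know to set the variable explicitly.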
@ -28,6 +28,10 @@ auditd_config:
|
|||
- parameter: network_failure_action
|
||||
value: "{{ security_rhel7_auditd_network_failure_action }}"
|
||||
config: /etc/audisp/audisp-remote.conf
|
||||
- parameter: space_left
|
||||
value: "{{ security_rhel7_auditd_space_left }}"
|
||||
config: /etc/audit/auditd.conf
|
||||
|
||||
|
||||
## auditd rules
|
||||
# This variable is used in tasks/rhel7stig/auditd.yml to deploy auditd rules
|
||||
|
|
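Review bot: The new `space_left` entry writes `security_rhel7_auditd_space_left` into `/etc/audit/auditd.conf` without any validation, so a deployer override that is not a whole number of megabytes, or that is not higher than `admin_space_left`, goes straight into the daemon's config. The auditd.conf man page says `admin_space_left` should be lower than `space_left`; an assert ahead of the config task that the value is a positive integer would catch bad overrides before they reach the file.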