Merge pull request #810 from dev-sec/audit_name
Add variable to set name_format for auditd
schurzi authored Oct 22, 2024
2 parents b6d11a0 + f70a74f commit 5d95dc7
Showing 3 changed files with 12 additions and 1 deletion.
1 change: 1 addition & 0 deletions roles/os_hardening/defaults/main.yml
Expand Up @@ -348,6 +348,7 @@ os_auditd_disk_error_action: SUSPEND
os_auditd_action_mail_acct: root
os_auditd_log_group: root
os_auditd_num_logs: 5
os_auditd_name_format: NONE

# Set the SELinux state, which can be either disabled, permissive, or enforcing.
os_selinux_state: enforcing
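
Review bot: the new `os_auditd_name_format: NONE` default carries no comment saying which values are accepted, while the SELinux variable directly below it is documented inline. Add a one-line comment listing the allowed values (NONE, hostname, fqd, numeric), and since the three files changed in this commit do not include the role's README, document the variable there too. Keeping NONE as the default preserves the previously hard-coded behaviour; it is worth noting in that documentation that events forwarded to a central collector then carry no node name.
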
10 changes: 10 additions & 0 deletions roles/os_hardening/meta/argument_specs.yml
Expand Up @@ -207,6 +207,16 @@ argument_specs:
description: This keyword specifies the maximum file size in megabytes. When
this limit is reached, it will trigger a configurable action. The value
given must be numeric.
os_auditd_name_format:
default: NONE
type: str
description: This keyword specifies how computer node names are inserted
into the audit event stream.
choices:
- NONE
- hostname
- fqd
- numeric
os_auditd_num_logs:
default: 5
type: int
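
Review bot: in the `choices` list, `NONE` is upper case while `hostname`, `fqd` and `numeric` are lower case, and argument-spec choices are compared as exact strings, so a caller passing `none` or `HOSTNAME` is rejected. Use one case for all four entries, or list both spellings. auditd.conf also documents a `user` value for name_format, which depends on the separate `name` setting; if it is left out deliberately, say so in the description.
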
2 changes: 1 addition & 1 deletion roles/os_hardening/templates/etc/audit/auditd.conf.j2
Expand Up @@ -11,7 +11,7 @@ freq = {{ os_auditd_freq }}
num_logs = {{ os_auditd_num_logs }}
disp_qos = lossy
dispatcher = /sbin/audispd
name_format = NONE
name_format = {{ os_auditd_name_format }}
max_log_file = {{ os_auditd_max_log_file }}
max_log_file_action = {{ os_auditd_max_log_file_action }}
space_left = {{ os_auditd_space_left }}
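
Review bot: `name_format = {{ os_auditd_name_format }}` writes the variable into auditd.conf with no check in the template itself, so the only guard is the `choices` list in argument_specs.yml. If the role is run with argument validation skipped, a mistyped value lands in the daemon configuration; consider an `assert` on the value before the template task, or a test that renders each allowed choice.
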