---
# Rule-fragment directory for auditd. Owned by root and closed to "other"
# (0750) so unprivileged users cannot read which events are being audited.
# Presumably consumed by augenrules on the target — confirm for the distro.
- name: Ensure audit rules directory exists
  ansible.builtin.file:
    path: /etc/audit/rules.d
    owner: root
    group: root
    mode: "0750"
    state: directory
# Make the effective value of cis_manage_audit_rules visible in the play
# output, so a run that leaves audit rules unmanaged is noticed rather than
# quietly skipped. Informational only — no change on the host.
- name: Report audit rules management mode
  ansible.builtin.debug:
    msg: >-
      {{ (cis_manage_audit_rules | bool)
      | ternary('OK: Baseline audit rule management is enabled.',
      'WARNING: Audit rules are not managed because cis_manage_audit_rules is false.') }}
# Write each entry of cis_audit_rules verbatim into the rules file. With
# `line` and no `regexp`, a rule that is already present is not re-added, so
# repeated runs should not duplicate entries. The file is created if missing
# and kept root-owned with 0640 so rule contents are not world-readable.
# The "restart auditd" handler is defined elsewhere (not visible here).
- name: Install baseline audit rules when explicitly enabled
  ansible.builtin.lineinfile:
    create: true
    path: "{{ cis_audit_rules_path }}"
    line: "{{ item }}"
    owner: root
    group: root
    mode: "0640"
  loop: "{{ cis_audit_rules }}"
  loop_control:
    label: "{{ item }}"
  when:
    - cis_manage_audit_rules | bool
  notify:
    - restart auditd
# Start auditd now and at boot, but only when all three hold: the role was
# asked to install auditd, the unit is known to the host, and the host is not
# a container (cis_container_detected defaults to false when unset).
# NOTE(review): the `ansible_facts.services` lookup assumes service facts were
# gathered earlier in the play; that task is not visible in this file.
- name: Ensure auditd is enabled and running
  ansible.builtin.systemd:
    name: auditd
    state: started
    enabled: true
  when: >-
    cis_install_auditd | bool
    and 'auditd.service' in ansible_facts.services
    and not (cis_container_detected | default(false) | bool)