---
# Create the auditd drop-in directory before any rule file is written.
# Mode 0750 with root:root ownership lets only root modify the directory
# and gives accounts outside the root group no access to it at all.
- name: Ensure audit rules directory exists
  ansible.builtin.file:
    state: directory
    path: /etc/audit/rules.d
    mode: "0750"
    owner: root
    group: root
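# Set the audit backlog size (the auditctl "-b" option) from
# cis_audit_backlog_limit. An existing "-b" line is rewritten in place.
# When none exists the line is inserted at the top of the file instead of
# being appended: auditctl rejects configuration changes once an "-e 2"
# (immutable) line has been processed, so a "-b" placed after one would
# never take effect.
# NOTE(review): on hosts where augenrules builds /etc/audit/audit.rules
# from /etc/audit/rules.d/, direct edits to this file are overwritten on
# the next rule load - confirm this is the file auditd actually reads.
# NOTE(review): the "restart auditd" handler is not shown here; confirm it
# works on distributions whose auditd unit refuses a manual stop.
- name: Configure audit backlog limit
  ansible.builtin.lineinfile:
    path: /etc/audit/audit.rules
    regexp: '^-b\s+'
    line: "-b {{ cis_audit_backlog_limit }}"
    insertbefore: BOF
    create: true
    owner: root
    group: root
    mode: "0640"
  notify: restart auditd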
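# Add every entry of cis_audit_rules as its own line in the file named by
# cis_audit_rules_path, creating the file (root:root, 0640) if needed.
# A missing rule is inserted ahead of an "-e 2" line when the file has
# one, because rules listed after the immutable flag are rejected at load
# time; with no such line the rule is appended at the end as before.
# NOTE(review): lineinfile only adds lines. A rule that is later dropped
# from cis_audit_rules stays in the file and keeps being loaded, so stale
# or weakened rules need a separate clean-up step.
- name: Install baseline audit rules
  ansible.builtin.lineinfile:
    path: "{{ cis_audit_rules_path }}"
    line: "{{ item }}"
    insertbefore: '^-e\s+2'
    create: true
    owner: root
    group: root
    mode: "0640"
  loop: "{{ cis_audit_rules }}"
  loop_control:
    label: "{{ item }}"
  notify: restart auditd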
# Make sure the audit daemon is both active now and enabled at boot, so
# the rules written by the earlier tasks are enforced after a reboot too.
- name: Ensure auditd is enabled and running
  ansible.builtin.systemd:
    name: auditd
    state: started
    enabled: true