Skip to content

Commit

Permalink
Merge pull request #12549 from ggbecker/fix-rhel10-audit-rules
Browse files Browse the repository at this point in the history 
Update audit_rules_suid_privilege_function to use ExecStart instead of ExecStartPost
  • Loading branch information
@Mab879
Mab879 authored Nov 4, 2024
2 parents 24d7ff3 + d13c361 commit bd5118a
Showing 1 changed file with 9 additions and 1 deletion.
10 changes: 9 additions & 1 deletion ...diting/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,12 +12,20 @@

{{% set rx_end = "(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$" %}}

{{% if product == 'rhel10' %}}
{{% set audit_loading_systemd_directive="ExecStart" %}}
{{% set audit_loading_service_file="audit-rules.service" %}}
{{% else %}}
{{% set audit_loading_systemd_directive="ExecStartPost" %}}
{{% set audit_loading_service_file="auditd.service" %}}
{{% endif %}}

- name: Service facts
ansible.builtin.service_facts:

- name: Check the rules script being used
ansible.builtin.command:
grep '^ExecStartPost' /usr/lib/systemd/system/auditd.service
grep '^{{{ audit_loading_systemd_directive }}}' /usr/lib/systemd/system/{{{ audit_loading_service_file }}}
register: check_rules_scripts_result
changed_when: false
failed_when: false
Expand Down

0 comments on commit bd5118a

Please sign in to comment.