Update audit_rules_suid_privilege_function to use ExecStart instead of ExecStartPost #12549

Merged
merged 1 commit into from
Nov 4, 2024
Expand Up @@ -12,12 +12,20 @@

{{% set rx_end = "(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$" %}}

{{% if product == 'rhel10' %}}
{{% set audit_loading_systemd_directive="ExecStart" %}}
{{% set audit_loading_service_file="audit-rules.service" %}}
{{% else %}}
{{% set audit_loading_systemd_directive="ExecStartPost" %}}
{{% set audit_loading_service_file="auditd.service" %}}
{{% endif %}}

- name: Service facts
ansible.builtin.service_facts:

- name: Check the rules script being used
ansible.builtin.command:
grep '^ExecStartPost' /usr/lib/systemd/system/auditd.service
grep '^{{{ audit_loading_systemd_directive }}}' /usr/lib/systemd/system/{{{ audit_loading_service_file }}}
Collaborator

Do other occurrences of auditd and auditd.service in this Ansible remediation need to be updated as well, or should only this one grep be changed?

Member Author

I believe this is the only change needed in this Ansible remediation. Other rules might require some more adjustments, because of the ExecStart/ExecStartPost thing but it's not part of this PR to fix them, and they are more complicated IMO.

register: check_rules_scripts_result
changed_when: false
failed_when: false
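
Review bot: In the new grep line the rhel10 pattern expands to '^ExecStart', which is also a prefix of ExecStartPre and ExecStartPost, so any such line in audit-rules.service would end up in check_rules_scripts_result alongside the intended one. Anchoring on the equals sign, as in `grep '^{{{ audit_loading_systemd_directive }}}='`, would limit the match to the chosen directive (this assumes the unit files write the directive with no space before the '='). Separately, `product == 'rhel10'` is an exact match, so any other product that loads rules from audit-rules.service would take the else branch, and with `failed_when: false` a grep that finds nothing passes silently; a short comment above the `if` explaining why rhel10 differs would help whoever extends the condition later.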