Skip to content

Commit

Permalink
use ubtu20cis_auditd[admin_space_left_action]
Browse files Browse the repository at this point in the history
Signed-off-by: Karl DeBisschop <[email protected]>
  • Loading branch information
kdebisschop committed Mar 24, 2024
1 parent 38b4140 commit a943b93
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 4 deletions.
7 changes: 4 additions & 3 deletions defaults/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -727,15 +727,16 @@ ubtu20cis_remote_log_server: 192.168.2.100
ubtu20cis_audit_back_log_limit: 8192

# ubtu20cis_max_log_file_size is largest the log file will become in MB
# This shoudl be set based on your sites policy
# This should be set based on your sites policy
ubtu20cis_max_log_file_size: 10

#
# ubtu20cis_auditd sets actions for admin_space_left_action and max_log_file_action
# CIS allows admin_space_left_action of "halt" or "single"
ubtu20cis_auditd:
admin_space_left_action: halt
max_log_file_action: keep_logs

# ubtu20cis_logrotate is the log rotate frequencey. Options are daily, weekly, monthly, and yearly
# ubtu20cis_logrotate is the log rotate frequency. Options are daily, weekly, monthly, and yearly
ubtu20cis_logrotate: "daily"

# Control 4.3
Expand Down
2 changes: 1 addition & 1 deletion tasks/section_5/cis_5.2.2.x.yml
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@
with_items:
- { regexp: '^space_left_action', line: 'space_left_action = email' }
- { regexp: '^action_mail_acct', line: 'action_mail_acct = root' }
- { regexp: '^admin_space_left_action', line: 'admin_space_left_action = halt' }
- { regexp: '^admin_space_left_action', line: "admin_space_left_action = {{ ubtu20cis_auditd['admin_space_left_action'] }}" }
notify: restart auditd
when:
- ubtu20cis_rule_5_2_2_3
Expand Down

0 comments on commit a943b93

Please sign in to comment.