-
Notifications
You must be signed in to change notification settings - Fork 165
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
4.1.17 Ensure the audit configuration is immutable - Not correct set #138
Labels
bug
Something isn't working
Comments
uk-bolly
added a commit
that referenced
this issue
Dec 15, 2021
Signed-off-by: Mark Bolwell <[email protected]>
Merged
hi @Zablove Thank you for taking the time to raise this issue, it is only with feedback we can improve this project. Apologies for the delay in responding regarding this particular issue. regards uk-bolly |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the Issue
Conform the CIS rule 4.1.17 "Ensure the audit configuration is immutable", this rule has to be the last rule in the config, for example /etc/audit/rules.d/99-finalize.rules. This ansible playbook sets the rule with the name rhel8cis_rule_4_1_17.rules which result in not being the last rule.
Expected Behavior
According the CIS, this has to be the last file and the last rule should have "-e 2"
Actual Behavior
Value plased in rhel8cis_rule_4_1_17.rules and that is not the last rule:
total 64
-rw-------. 1 root root 244 Oct 7 07:24 audit.rules
-rw-------. 1 root root 595 Oct 7 08:34 rhel8cis_rule_4_1_10.rules
-rw-------. 1 root root 176 Oct 7 08:34 rhel8cis_rule_4_1_11.rules
-rw-------. 1 root root 161 Oct 7 08:34 rhel8cis_rule_4_1_12.rules
-rw-------. 1 root root 2921 Oct 7 08:34 rhel8cis_rule_4_1_13.rules
-rw-------. 1 root root 239 Oct 7 08:34 rhel8cis_rule_4_1_14.rules
-rw-------. 1 root root 180 Oct 7 08:34 rhel8cis_rule_4_1_15.rules
-rw-------. 1 root root 39 Oct 7 08:34 rhel8cis_rule_4_1_16.rules
-rw-------. 1 root root 5 Oct 7 11:11 rhel8cis_rule_4_1_17.rules
-rw-------. 1 root root 65 Oct 7 08:34 rhel8cis_rule_4_1_3.rules
-rw-------. 1 root root 74 Oct 7 08:34 rhel8cis_rule_4_1_4.rules
-rw-------. 1 root root 101 Oct 7 08:34 rhel8cis_rule_4_1_5.rules
-rw-------. 1 root root 307 Oct 7 08:34 rhel8cis_rule_4_1_6.rules
-rw-------. 1 root root 81 Oct 7 08:34 rhel8cis_rule_4_1_7.rules
-rw-------. 1 root root 319 Oct 7 08:34 rhel8cis_rule_4_1_8.rules
-rw-------. 1 root root 753 Oct 7 08:34 rhel8cis_rule_4_1_9.rules
Control(s) Affected
4.1.17 Ensure the audit configuration is immutable
Environment (please complete the following information):
Additional Notes
Great playbook, helpes me a lot!
Possible Solution
Change the name of the file.
The text was updated successfully, but these errors were encountered: