openstack/ansible-hardening
Code Issues Proposed changes

Fix auditd rpmverify check

Browse Source 
The security role alters some additional configuration files
related to auditd and these need to be skipped when we verify
the package. The verification is only needed on the executables,
not the configuration files.

This only affects CentOS/RHEL 7.

Change-Id: Ia5e936a88f08f4209e37d0fabbb27f14d9eda2ab
Closes-bug: bug/1612688
This commit is contained in:
Major Hayden 2016-08-12 09:59:23 -05:00
parent c458db68fa
commit a715acf0e9
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
tasks/auditd.yml
View File

@ -132,7 +132,7 @@
- V-38637
- name: Check audit package contents for alterations with rpm (for V-38637)
shell: rpmverify audit audit-libs | grep -v audit.conf | wc -l
shell: "rpmverify audit audit-libs | grep -v '\\.conf$' | wc -l"
register: v38637_result
changed_when: False
when: ansible_pkg_mgr == 'yum'