2aca8287dc
This patch adds a task and handlers for enabling the audit daemon during the boot sequence to comply with V-38438. Deployers have the option to opt-out of the entire change, or they can apply the change without updating the active grub.cfg file. Change-Id: Ia8702b8439a5993516397363b21356f1216be403
22 lines
668 B
YAML
22 lines
668 B
YAML
---
|
|
features:
|
|
- |
|
|
The role now enables auditing during early boot to comply with the
|
|
requirements in V-38438. By default, the GRUB configuration variables in
|
|
``/etc/default/grub.d/`` will be updated and the active ``grub.cfg`` will
|
|
be updated.
|
|
|
|
Deployers can opt-out of the change entirely by setting a variable:
|
|
|
|
.. code-block:: yaml
|
|
|
|
security_enable_audit_during_boot: no
|
|
|
|
Deployers may opt-in for the change without automatically updating the
|
|
active ``grub.cfg`` file by setting the following Ansible variables:
|
|
|
|
.. code-block:: yaml
|
|
|
|
security_enable_audit_during_boot: yes
|
|
security_enable_grub_update: no
|