bfcf6c7423
This role contains around 150 controls from the 270+ controls that exist in the RHEL 6 STIG. New controls are still being added. Implements: blueprint security-hardening Change-Id: I0578f86bf42d55242bc72b97b40a5935a3cb18d6
20 lines
848 B
ReStructuredText
20 lines
848 B
ReStructuredText
Ubuntu's default for ``disk_full_action`` is ``SUSPEND``, which actually
|
|
only suspends audit logging. That could be a security issue, so ``SYSLOG``
|
|
is recommended and is set by default be openstack-ansible-security. If syslog
|
|
messages are being sent to remote servers, these log messages should alert
|
|
an administrator about the disk being full. There are additional options
|
|
available, like ``EXEC``, ``SINGLE`` or ``HALT``.
|
|
|
|
To configure a different ``disk_full_action``, set the following Ansible
|
|
variable:
|
|
|
|
.. code-block:: yaml
|
|
|
|
disk_full_action = SYSLOG
|
|
|
|
For details on available settings and what they do, run ``man auditd.conf``.
|
|
Some options can cause the host to go offline until the issue is fixed.
|
|
Deployers are urged to **carefully read the auditd documentation** prior to
|
|
changing the ``disk_full_action`` setting from the default.
|
|
|