Fix duplicated config options in auditd.conf

The regular expressions for max_log_file and space_left
were not specific enough and the options were repeated in the
auditd.conf over multiple runs of the security role. This patch
makes those regular expressions more specific.

A manual backport was required due to some variable namespacing
work done in master.

Closes-bug: 1604958
Change-Id: I56925d6b983d156543ba853b3dca846fb460949e
Major Hayden 2016-07-20 15:51:51 -05:00
parent 4755f52897
commit 6826bccd97
1 changed files with 2 additions and 2 deletions


@ -64,7 +64,7 @@
- name: V-38633 - The system must set a maximum audit log file size
lineinfile:
dest: /etc/audit/auditd.conf
regexp: "^(#)?max_log_file ="
regexp: "^(#)?max_log_file(?!_action)"
line: "max_log_file = {{ max_log_file }}"
when: auditd_conf.stat.exists | bool
notify:
@ -180,7 +180,7 @@
- name: V-38678 - Lower limit of available disk space when auditd triggers space_left_action
lineinfile:
dest: /etc/audit/auditd.conf
regexp: "^(#)?space_left"
regexp: "^(#)?space_left(?!_action)"
line: "space_left = {{ space_left }}"
when: auditd_conf.stat.exists | bool
notify:
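Review bot: The lookahead in the `max_log_file` and `space_left` patterns excludes only the `_action` suffix and does not require the `=` separator, so each pattern still matches any line that merely begins with the option name (the `+`/`-` markers are lost on this page; I read the `(?!_action)` lines as the new side, as the commit message indicates). Anchoring on the separator instead, `regexp: '^(#)?max_log_file\s*='` and `regexp: '^(#)?space_left\s*='`, selects exactly the intended key and tolerates spacing differences around `=`; the single quotes keep `\s` literal in YAML. This matters because a mismatch makes `lineinfile` rewrite or append the wrong auditd setting without any error, so the log-size and low-disk controls (V-38633, V-38678) could silently diverge from the intended values. Both tasks continue past the hunk at `notify:`, so the handlers and any later check of the resulting file are not visible here.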