Fix duplicated config options in auditd.conf
The regular expressions for max_log_file and space_left were not specific enough and the options were repeated in the auditd.conf over multiple runs of the security role. This patch makes those regular expressions more specific. A manual backport was required due to some variable namespacing work done in master. Closes-bug: 1604958 Change-Id: I56925d6b983d156543ba853b3dca846fb460949e
This commit is contained in:
Major Hayden
parent
4755f52897
commit
6826bccd97
@ -64,7 +64,7 @@
|
|||||||
- name: V-38633 - The system must set a maximum audit log file size
|
- name: V-38633 - The system must set a maximum audit log file size
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/audit/auditd.conf
|
dest: /etc/audit/auditd.conf
|
||||||
regexp: "^(#)?max_log_file ="
|
regexp: "^(#)?max_log_file(?!_action)"
|
||||||
line: "max_log_file = {{ max_log_file }}"
|
line: "max_log_file = {{ max_log_file }}"
|
||||||
when: auditd_conf.stat.exists | bool
|
when: auditd_conf.stat.exists | bool
|
||||||
notify:
|
notify:
|
||||||
@ -180,7 +180,7 @@
|
|||||||
- name: V-38678 - Lower limit of available disk space when auditd triggers space_left_action
|
- name: V-38678 - Lower limit of available disk space when auditd triggers space_left_action
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/audit/auditd.conf
|
dest: /etc/audit/auditd.conf
|
||||||
regexp: "^(#)?space_left"
|
regexp: "^(#)?space_left(?!_action)"
|
||||||
line: "space_left = {{ space_left }}"
|
line: "space_left = {{ space_left }}"
|
||||||
when: auditd_conf.stat.exists | bool
|
when: auditd_conf.stat.exists | bool
|
||||||
notify:
|
notify:
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user