openstack-ansible-security/doc/source/developer-notes/V-54381.rst
Major Hayden 9e67ff3184 Docs: Fix rendering of :orphan:
This patch removes the ``:orphan:`` docinfo from the documentation
and instead adds the orphaned docs into the ``exclude_pattern``
configuration option. There's a bug that causes the tag to actually
get rendered in the docs when those docs are brought in via an
include.

Backport-of: Iacce8f5bfd9a629117564938bbb376bf5abcec31

Change-Id: I815070d1de924c9c4ec7c21098acb6c52baac3b8
2016-06-27 20:38:03 +00:00

626 B

Exception

The STIG requires that the audit system must switch the entire system into single-user mode when the space for logging becomes dangerously low.

This will cause serious service disruptions for any environment and should only be enabled for extremely high security environments.

Ubuntu sets admin_space_left_action to SUSPEND by default, and this will cause logging to be temporarily suspended until disk space is freed.

For extremely high security environments, this Ansible variable can be provided to meet the requirements of the STIG:

admin_space_left_action: SINGLE