963 B
---id: V-38464 status: implemented tag: misc ---
The default configuration for disk_error_action is
SUSPEND, which only suspends audit logging when there is a
disk error on the system. Suspending audit logging can lead to security
problems because the system is no longer keeping track of which syscalls
were made.
The security role sets the configuration to SYSLOG so
that messages are sent to syslog when disk errors occur. There are
additional options available, like EXEC,
SINGLE or HALT.
To configure a different disk_error_action, set the
following Ansible variable:
security_disk_error_action: SYSLOGFor details on available settings and what they do, run
man auditd.conf. Some options can cause the host to go
offline until the issue is fixed. Deployers are urged to
carefully read the auditd documentation prior to
changing the security_disk_error_action setting from the
default.