openstack-ansible-security/V-38547.rst at fe39a30c98f7ea706b930b18e9a37b8e4ce8d6a9

Andy McCrae fe39a30c98 Revert "Retire openstack-ansible-security"

This reverts commit ea9b39d723.
In order to release stable/pike we need this to still be present.
https://review.openstack.org/#/c/502063/ is failing.

Once we release stable/pike we can figure out how to properly remove
this repository.

Change-Id: I50308b1c3001371d4554b6c2640bd5384e870a53

2017-09-13 10:34:55 -06:00

478 B

Raw Blame History

---id: V-38547 status: opt-in tag: auditd ---

The audit rules which monitor chmod, fchmod, and fchmodat syscalls can cause high CPU and I/O load during OpenStack-Ansible deployments and while updating packages with apt. By default, these rules are disabled.

These audit rules can be enabled by setting any of the following variables:

security_audit_DAC_chmod: yes
security_audit_DAC_fchmod: yes
security_audit_DAC_fchmodat: yes

478 B Raw Blame History

478 B

Raw Blame History