Create audit rules without permissions for others

ComplianceAsCode · Aug 19, 2021 · 34a6691 · 34a6691
1 parent fe88dfb
commit 34a6691
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 0 deletions.
diff --git a/shared/bash_remediation_functions/fix_audit_syscall_rule.sh b/shared/bash_remediation_functions/fix_audit_syscall_rule.sh
@@ -204,6 +204,7 @@ then
 	local auid_string=$([[ $auid_filters ]] && echo " $auid_filters")
 	local full_rule="${action_arch_filters}${syscall_string}${other_string}${auid_string} -F key=${key}"
 	echo "$full_rule" >> "$default_file"
+	chmod o-rwx ${default_file}
 else
 	# Check if the syscalls are declared as a comma separated list or
 	# as multiple -S parameters

diff --git a/shared/macros-ansible.jinja b/shared/macros-ansible.jinja
@@ -467,6 +467,7 @@ The macro requires following parameters:
     path: '{{ audit_file }}'
     line: "{{{ action_arch_filters }}}{{{ syscall_flag }}}{{ syscalls | join(',') }}{{{ other_filters }}}{{{ auid_filters}}} -F key={{{ key }}}"
     create: true
+    mode: o-rwx
     state: present
   when: syscalls_found | length == 0
 {{%- endmacro %}}
@@ -535,6 +536,7 @@ The macro requires following parameters:
     path: '{{ audit_file }}'
     line: "{{{ action_arch_filters }}}{{{ syscall_flag }}}{{ syscalls | join(',') }}{{{ other_filters }}}{{{ auid_filters}}} -F key={{{ key }}}"
     create: true
+    mode: o-rwx
     state: present
   when: syscalls_found | length == 0
 {{%- endmacro %}}