Skip to content

Commit

Permalink
rhcos4: Add remediation and e2e test for auditing access to audit logs
Browse files Browse the repository at this point in the history 
This was missing.

Signed-off-by: Juan Antonio Osorio Robles <jaosorior@redhat.com>
  • Loading branch information
@JAORMX
JAORMX committed Mar 30, 2021
1 parent 46ed962 commit 5664dfe
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 0 deletions.
10 changes: 10 additions & 0 deletions ...stem/auditing/auditd_configure_rules/directory_access_var_log_audit/kubernetes/shared.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
# platform = multi_platform_ocp,multi_platform_rhcos
# reboot = true
# strategy = disable
# complexity = low
# disruption = medium
#
{{% macro rhcos_access_var_log_audit_rules() -%}}
-a always,exit -F dir=/var/log/audit/ -F perm=r -F auid>={{{ auid }}} -F auid!=unset -F key=access-audit-trail
{{%- endmacro %}}
{{{ kubernetes_machine_config_file(path='/etc/audit/rules.d/30-access-var-log-audit.rules', file_permissions_mode='0600', source=rhcos_access_var_log_audit_rules()) }}}
3 changes: 3 additions & 0 deletions ...stem/auditing/auditd_configure_rules/directory_access_var_log_audit/tests/ocp4/shared.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
---
default_result: FAIL
result_after_remediation: PASS

0 comments on commit 5664dfe

Please sign in to comment.