Merge pull request #352 from ansible-lockdown/auditd_update

updated prelim and typos

tasks/prelim.yml

@@ -275,6 +275,46 @@
       name: audit
       state: present
 
+- name: "PRELIM | 5.2.4.x | Ensure audit log files are mode 0640 or less permissive | discover file"
+  ansible.builtin.shell: "grep ^log_file /etc/audit/auditd.conf | awk '{ print $NF }'"
+  changed_when: false
+  failed_when: audit_discovered_logfile.rc not in [0, 1]
+  register: audit_discovered_logfile
+  when:
+      - rhel8cis_rule_5_2_4_1
+      - rhel8cis_rule_5_2_4_2
+      - rhel8cis_rule_5_2_4_3
+      - rhel8cis_rule_5_2_4_4
+  tags:
+      - level2-server
+      - level2-workstation
+      - patch
+      - auditd
+      - rule_5.2.4.1
+      - rule_5.2.4.2
+      - rule_5.2.4.3
+      - rule_5.2.4.4
+
+- name: "PRELIM | 5.2.4.5/6/7 | Audit conf and rules files | list files"
+  ansible.builtin.find:
+      path: /etc/audit
+      file_type: file
+      recurse: true
+      patterns: '*.conf,*.rules'
+  register: auditd_conf_files
+  when:
+      - rhel8cis_rule_5_2_4_5 or
+        rhel8cis_rule_5_2_4_6 or
+        rhel8cis_rule_5_2_4_7
+  tags:
+      - level2-server
+      - level2-workstation
+      - patch
+      - auditd
+      - rule_5.2.4.5
+      - rule_5.2.4.6
+      - rule_5.2.4.7
+
 - name: "PRELIM | Gather accounts with empty password fields"
   when:
       - rhel8cis_rule_6_2_1

tasks/section_5/main.yml

@@ -35,9 +35,9 @@
   ansible.builtin.import_tasks:
       file: cis_5.2.3.x.yml
 
-- name: "SECTION | 5.2.3.x | Audit file permissions"
+- name: "SECTION | 5.2.4.x | Audit file permissions"
   ansible.builtin.import_tasks:
-      file: cis_5.2.3.x.yml
+      file: cis_5.2.4.x.yml
 
 - name: "SECTION | 5.3.x | Aide"
   ansible.builtin.import_tasks: