Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

4.1.17 Ensure the audit configuration is immutable - Not correct set #138

Closed
Zablove opened this issue Oct 7, 2021 · 1 comment
Closed
Assignees
Labels
bug Something isn't working

Comments

@Zablove
Copy link

Zablove commented Oct 7, 2021

Describe the Issue
Conform the CIS rule 4.1.17 "Ensure the audit configuration is immutable", this rule has to be the last rule in the config, for example /etc/audit/rules.d/99-finalize.rules. This ansible playbook sets the rule with the name rhel8cis_rule_4_1_17.rules which result in not being the last rule.

Expected Behavior
According the CIS, this has to be the last file and the last rule should have "-e 2"

Actual Behavior
Value plased in rhel8cis_rule_4_1_17.rules and that is not the last rule:
total 64
-rw-------. 1 root root 244 Oct 7 07:24 audit.rules
-rw-------. 1 root root 595 Oct 7 08:34 rhel8cis_rule_4_1_10.rules
-rw-------. 1 root root 176 Oct 7 08:34 rhel8cis_rule_4_1_11.rules
-rw-------. 1 root root 161 Oct 7 08:34 rhel8cis_rule_4_1_12.rules
-rw-------. 1 root root 2921 Oct 7 08:34 rhel8cis_rule_4_1_13.rules
-rw-------. 1 root root 239 Oct 7 08:34 rhel8cis_rule_4_1_14.rules
-rw-------. 1 root root 180 Oct 7 08:34 rhel8cis_rule_4_1_15.rules
-rw-------. 1 root root 39 Oct 7 08:34 rhel8cis_rule_4_1_16.rules
-rw-------. 1 root root 5 Oct 7 11:11 rhel8cis_rule_4_1_17.rules
-rw-------. 1 root root 65 Oct 7 08:34 rhel8cis_rule_4_1_3.rules
-rw-------. 1 root root 74 Oct 7 08:34 rhel8cis_rule_4_1_4.rules
-rw-------. 1 root root 101 Oct 7 08:34 rhel8cis_rule_4_1_5.rules
-rw-------. 1 root root 307 Oct 7 08:34 rhel8cis_rule_4_1_6.rules
-rw-------. 1 root root 81 Oct 7 08:34 rhel8cis_rule_4_1_7.rules
-rw-------. 1 root root 319 Oct 7 08:34 rhel8cis_rule_4_1_8.rules
-rw-------. 1 root root 753 Oct 7 08:34 rhel8cis_rule_4_1_9.rules

Control(s) Affected
4.1.17 Ensure the audit configuration is immutable

Environment (please complete the following information):

  • Ansible Version: 2.10.8
  • Host Python Version: 3.9.2
  • Ansible Server Python Version: 3.9.2
  • Additional Details:

Additional Notes
Great playbook, helpes me a lot!

Possible Solution
Change the name of the file.

@Zablove Zablove added the bug Something isn't working label Oct 7, 2021
uk-bolly added a commit that referenced this issue Dec 15, 2021
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
@uk-bolly uk-bolly mentioned this issue Dec 15, 2021
@uk-bolly uk-bolly self-assigned this Dec 16, 2021
@uk-bolly
Copy link
Member

hi @Zablove

Thank you for taking the time to raise this issue, it is only with feedback we can improve this project. Apologies for the delay in responding regarding this particular issue.
This has now been added to a new branch we which hope to get approved this week into devel.

regards

uk-bolly

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants