Merge pull request #722 from dev-sec/arch_audit

support restarts of audit service on Arch linux
dev-sec · Nov 24, 2023 · 508b993 · 508b993
2 parents c768628 + 54f9ef4
commit 508b993
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 7 deletions.
diff --git a/.github/workflows/os_hardening_vm.yml b/.github/workflows/os_hardening_vm.yml
@@ -50,7 +50,7 @@ jobs:
           - generic/debian11
           - generic/debian12
           - generic/opensuse15
-          # - generic/arch  # needs fix for audit
+          - generic/arch
     steps:
       - name: Checkout repo
         uses: actions/checkout@v4

diff --git a/molecule/os_hardening_vm/converge.yml b/molecule/os_hardening_vm/converge.yml
@@ -12,6 +12,9 @@
     - name: override for arch
       set_fact: 
         os_mnt_boot_enabled: false
+        os_mnt_tmp_enabled: true
+        os_mnt_tmp_src: "tmpfs"
+        os_mnt_tmp_filesystem: "tmpfs"
       when: ansible_facts.os_family == 'Archlinux'
     - name: overrides for Fedora image
       set_fact: 

diff --git a/roles/os_hardening/handlers/main.yml b/roles/os_hardening/handlers/main.yml
@@ -2,15 +2,26 @@
 - name: Update-initramfs # noqa no-changed-when
   ansible.builtin.command: update-initramfs -u
 
-- name: Restart auditd # noqa command-instead-of-module no-changed-when
-  ansible.builtin.command:
-    cmd: service auditd restart # rhel: see: https://access.redhat.com/solutions/2664811
-  when: molecule_yml.driver.name | default() != "docker" # restarting auditd in a container does not work
-
 - name: Reload systemd
   ansible.builtin.systemd:
     daemon_reload: true
 
+- name: Restart auditd via systemd
+  ansible.builtin.systemd:
+    name: auditd.service
+    state: restarted
+  ignore_errors: "{{ ansible_check_mode }}"
+  when:
+    - molecule_yml.driver.name | default() != "docker" # restarting auditd in a container does not work
+    - not ansible_facts.os_family == 'RedHat'
+
+- name: Restart auditd via service # noqa command-instead-of-module no-changed-when
+  ansible.builtin.command:
+    cmd: service auditd restart # rhel: see: https://access.redhat.com/solutions/2664811
+  when:
+    - molecule_yml.driver.name | default() != "docker" # restarting auditd in a container does not work
+    - ansible_facts.os_family == 'RedHat'
+
 - name: Remount filesystems
   ansible.posix.mount:
     path: "{{ item }}"

diff --git a/roles/os_hardening/tasks/auditd.yml b/roles/os_hardening/tasks/auditd.yml
@@ -12,5 +12,7 @@
     owner: root
     group: root
     mode: "0640"
-  notify: Restart auditd
+  notify:
+    - Restart auditd via service
+    - Restart auditd via systemd
   tags: auditd