Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

auditd: add possibility to override config template #685

Merged
merged 3 commits into from Jul 24, 2023
Merged

auditd: add possibility to override config template #685

merged 3 commits into from Jul 24, 2023

Conversation

Meecr0b
Copy link
Contributor

@Meecr0b Meecr0b commented Jul 13, 2023

By referencing the auditd.conf.j2 template source, a templates directory can be created next to your playbook with a custom myauditd.conf.j2 template in it.
Afterwards you just have to set the variable os_auditd_template to myauditd.conf.j2 and the custom template is used.

This PR also extend the auditd.conf.j2 by

  • os_auditd_freq
  • os_auditd_write_logs
  • os_auditd_log_file
    with its default values set.

Dennis Lerch dennis.lerch@mercedes-benz.com, Mercedes-Benz Tech Innovation GmbH, Provider Information

Dennis Lerch added 2 commits July 13, 2023 10:37
make template overrideable
dc88409 
by referencing the auditd.conf.j2 template, a custom template can be provided to the role.

Signed-off-by: Dennis Lerch <dennis.lerch@mercedes-benz.com>
extend auditd config
efa0949 
make freq and log_file configurable
implement write_logs with it's default value in order to be able to disable log writing

Signed-off-by: Dennis Lerch <dennis.lerch@mercedes-benz.com>
rndmh3ro
rndmh3ro reviewed Jul 22, 2023
View reviewed changes
Copy link
Member

@rndmh3ro rndmh3ro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

Can you please document the new variables in the README (https://github.com/dev-sec/ansible-collection-hardening/blob/master/roles/os_hardening/README.md)?

@Meecr0b
Copy link
Contributor Author

Meecr0b commented Jul 22, 2023

README.md updated

@rndmh3ro
Copy link
Member

lgtm! One last thing: could you please sign-off your commits? See: https://github.com/dev-sec/ansible-collection-hardening/pull/685/checks?check_run_id=15261278521

Thanks!

Extend README.md documentation by new variables
8c7ac3b 
reorder `os_auditd_log_format` to keep sequence from defaults

Signed-off-by: Dennis Lerch <dennis.lerch@mercedes-benz.com>
@Meecr0b
Copy link
Contributor Author

Meecr0b commented Jul 24, 2023

lgtm! One last thing: could you please sign-off your commits? See: https://github.com/dev-sec/ansible-collection-hardening/pull/685/checks?check_run_id=15261278521

Thanks!

sure, sorry for the inconvenience

@rndmh3ro rndmh3ro merged commit 6bcdb25 into dev-sec:master Jul 24, 2023
9 of 32 checks passed
@nejch nejch mentioned this pull request Aug 18, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rndmh3ro rndmh3ro rndmh3ro left review comments

Assignees
No one assigned
Labels
enhancement minor os_hardening
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@Meecr0b @rndmh3ro