Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Only run hardening if /var/log/audit exists #550

Merged
merged 5 commits into from
Jul 15, 2022

Conversation

mego22
Copy link
Contributor

@mego22 mego22 commented Jul 12, 2022

Role os_hardening

Description

We don't run Auditd on our hosts because we have a vendor provides this service for us. Because of this, when #531 was introduced in release 7.15.0 all our builds started failing. Instead for forcing everyone to install Auditd, the hardening step will only be run if /var/log/audit exists.

@rndmh3ro
Copy link
Member

Also, can you please sign-off your commits?

Signed-off-by: GitHub <noreply@github.com>
@mego22 mego22 force-pushed the Check_for_var_log_audit branch from a0639a9 to 9d6903e Compare July 13, 2022 17:58
@mego22
Copy link
Contributor Author

mego22 commented Jul 13, 2022

Also, can you please sign-off your commits?

Sorry about that, commit signed-off.

rndmh3ro and others added 4 commits July 14, 2022 15:03
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
This reverts commit c05fe8b.

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
@rndmh3ro rndmh3ro added the patch label Jul 15, 2022
@rndmh3ro rndmh3ro merged commit 8c82af9 into dev-sec:master Jul 15, 2022
@rndmh3ro
Copy link
Member

Thanks!

divialth pushed a commit to divialth/ansible-collection-hardening that referenced this pull request Aug 3, 2022
* Only run harding if /var/log/audit exists

Signed-off-by: GitHub <noreply@github.com>

* Update roles/os_hardening/tasks/minimize_access.yml

* add more conditionals to when auditd show be hardened

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* add more tests to the os-hardening vm tests

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* Revert "add more tests to the os-hardening vm tests"

This reverts commit c05fe8b.

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
Co-authored-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants