Create auditd rules #468
see Telekom 2021.07-01 SoC 3.65 Req 32-36 Signed-off-by: Maik Stuebner <Maik.Stuebner@t-systems.com>
As discussed with @rndmh3ro in #367 we would be interested in managing auditd rules in question: there are a lot of default rules here already and people might add more. Since order matters, would it make sense to structure these into the semi-conventional ordered files (https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-defining_audit_rules_and_controls#bh-augenrules)? But perhaps that's overkill. I've looked at an existing role and like how it handles this: https://github.com/juju4/ansible-auditd/. For example I like how it also deletes unmanaged rules files, which IMO helps with idempotency as well and prevents users manually trying to manage it. Either way, in case you are no longer working on this @m41kc0d3 I'd be happy to take a look at this as well.
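Added example, not part of this PR or of the roles mentioned in the thread: a sketch of the two ideas raised in the comment above, loading numbered rules files in a fixed order and deleting rules files the automation does not manage. The file names, rule contents and function names are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

def natural_key(name):
    # Digit runs compare as numbers, so "9-x" sorts before "10-y".
    # Assumption: this mirrors the natural sort order augenrules applies.
    return [int(p) if p.isdigit() else p for p in re.split(r"(\d+)", name)]

def plan(rules_dir, managed):
    """Split *.rules files into (managed, in load order) and (unmanaged)."""
    present = sorted((p.name for p in Path(rules_dir).glob("*.rules")), key=natural_key)
    return ([n for n in present if n in managed],
            [n for n in present if n not in managed])

def merged_rules(rules_dir, names):
    """Concatenate rule lines in load order, dropping blanks and comments."""
    out = []
    for name in names:
        for line in (Path(rules_dir) / name).read_text().splitlines():
            line = line.strip()
            if line and not line.startswith("#"):
                out.append(line)
    return out

def prune(rules_dir, unmanaged, dry_run=True):
    """Delete unmanaged rule files; with dry_run only report them."""
    for name in unmanaged:
        if not dry_run:
            (Path(rules_dir) / name).unlink()
    return list(unmanaged)

def demo():
    # Constructed sample directory; file names and rules are illustrative.
    files = {
        "10-base.rules": "# reset and size the backlog\n-D\n-b 8192\n",
        "30-identity.rules": "-w /etc/passwd -p wa -k identity\n",
        "99-finalize.rules": "-e 2\n",
        "9-handmade.rules": "-w /tmp -p wa -k scratch\n",  # dropped in by hand
    }
    managed = {"10-base.rules", "30-identity.rules", "99-finalize.rules"}
    with tempfile.TemporaryDirectory() as d:
        for name, body in files.items():
            (Path(d) / name).write_text(body)
        keep, stale = plan(d, managed)
        prune(d, stale, dry_run=False)
        left = sorted(p.name for p in Path(d).glob("*.rules"))
        return keep, stale, merged_rules(d, keep), left
```

Running `prune` with the default `dry_run=True` only reports the unmanaged files, which is the safer first pass on a host where rules were previously maintained by hand.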
Is there any progress on this issue? As a user I would prefer to have the option to specify some AuditD rules, but I do not want to have a predefined set of rules since those are most likely not a good fit.
No, and we will probably remove the auditd-stuff from the collection (see the reasons above). Therefore I'm closing this.
see Telekom 2021.07-01 SoC 3.65 Req32-37
Public Telekom Security - Requirements