resist-vpn-infra/roles/system_hardening/tasks/audit.yml
---
# Auditd Configuration Tasks (CIS 4.1.x)
- name: Ensure auditd is installed (CIS 4.1.1)
  # auditd is the package CIS 4.1.1 asks for; audispd-plugins adds the
  # dispatcher plugins (remote/syslog forwarding) this role may configure.
  ansible.builtin.apt:
    state: present
    name:
      - auditd
      - audispd-plugins
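- name: Configure auditd max log file size (CIS 4.1.3)
  # Size (MiB) of one audit log before rotation; auditd_max_log_file comes
  # from the role's variables. The regexp only matches the bare key, so the
  # separate max_log_file_action line is left alone. auditd does not pick up
  # auditd.conf edits on its own, so the change is only effective after the
  # service is restarted -- hence the handler notification.
  ansible.builtin.lineinfile:
    path: /etc/audit/auditd.conf
    regexp: '^max_log_file\s*='
    line: "max_log_file = {{ auditd_max_log_file }}"
    state: present
  notify: restart auditd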
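- name: Configure auditd log retention (CIS 4.1.4)
  # keep_logs rotates without ever deleting old logs, so audit history is not
  # lost to rotation; disk exhaustion is then handled by the space_left /
  # admin_space_left actions below. A restart is required for auditd to read
  # the new value, so notify the handler.
  ansible.builtin.lineinfile:
    path: /etc/audit/auditd.conf
    regexp: '^max_log_file_action\s*='
    line: "max_log_file_action = keep_logs"
    state: present
  notify: restart auditd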
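- name: Configure auditd space left action (CIS 4.1.5)
  # "email" sends a warning to action_mail_acct (auditd's default is root)
  # when free space drops below space_left. NOTE(review): delivery depends on
  # a working local MTA; without one the warning is silently lost and the
  # next threshold reached is admin_space_left -- confirm mail works on the
  # target hosts. The restart handler is notified so the setting takes effect.
  ansible.builtin.lineinfile:
    path: /etc/audit/auditd.conf
    regexp: '^space_left_action\s*='
    line: "space_left_action = email"
    state: present
  notify: restart auditd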
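- name: Configure auditd admin space left action
  # "halt" is the CIS fail-closed choice: the host shuts down rather than run
  # without audit coverage. On a VPN node this is an availability trade-off --
  # a full /var/log/audit takes the gateway offline -- so the space_left
  # warning above must actually reach an operator. Notify the restart handler
  # so auditd reads the new value.
  ansible.builtin.lineinfile:
    path: /etc/audit/auditd.conf
    regexp: '^admin_space_left_action\s*='
    line: "admin_space_left_action = halt"
    state: present
  notify: restart auditd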
- name: Deploy CIS-compliant audit rules
  # Render the role's rule set into rules.d; augenrules merges everything in
  # that directory into /etc/audit/audit.rules. Root-only write, group read.
  ansible.builtin.template:
    dest: /etc/audit/rules.d/cis.rules
    src: audit.rules.j2
    mode: '0640'
    owner: root
    group: root
  notify: restart auditd
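- name: Check whether the kernel audit subsystem is already immutable
  # Once a rule set containing `-e 2` has been loaded, `auditctl -s` reports
  # "enabled 2" and the kernel refuses any further rule changes until reboot.
  # Read the status first so that case can be told apart from a real failure.
  ansible.builtin.command: auditctl -s
  register: auditctl_status
  changed_when: false
  check_mode: false

- name: Load audit rules
  # augenrules merges /etc/audit/rules.d/*.rules into /etc/audit/audit.rules
  # and loads the result into the kernel. The exit status is NOT ignored: a
  # rule set that fails to load leaves the host without the monitoring this
  # role is supposed to guarantee, and that must fail the play, not pass
  # silently. changed_when keys on augenrules' own "No change" message.
  ansible.builtin.command: augenrules --load
  register: augenrules_result
  when: "'enabled 2' not in auditctl_status.stdout"
  changed_when: "'No change' not in augenrules_result.stdout"
  failed_when: augenrules_result.rc != 0

- name: Report that rule changes are deferred while audit is immutable
  # Not a failure, but the operator must know the on-disk rules and the
  # running rules may differ until the host is rebooted.
  ansible.builtin.debug:
    msg: "audit subsystem is immutable (enabled 2); rules in /etc/audit/rules.d take effect after reboot"
  when: "'enabled 2' in auditctl_status.stdout"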
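- name: Ensure auditd is started and enabled (CIS 4.1.2)
  # Running now and at every boot. Uses a real YAML boolean rather than
  # "yes", which YAML 1.1 and 1.2 parsers treat differently.
  ansible.builtin.systemd:
    name: auditd
    state: started
    enabled: true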