Added remediation and tests for the rule permissions_local_var_log_audit
rumch-se committed Sep 3, 2024
1 parent d391d4c commit c37378a
Showing 4 changed files with 97 additions and 0 deletions.
@@ -0,0 +1,37 @@
# platform = multi_platform_sle,multi_platform_slmicro
# reboot = false
# complexity = low
# strategy = configure
# disruption = low

{{{ ansible_lineinfile(msg='Configure permission for /var/log/audit', path='/etc/permissions.local', regex='^\/var\/log\/audit\s+root.*', insensitive=false, new_line='/var/log/audit root:root 600', create='yes', state='present', register='update_permissions_var_log_audit') }}}

- name: "Correct file permissions after update /var/log/audit"
shell: >
set -o pipefail
chkstat --set --system
when: update_update_permissions_var_log_audit.changed

{{{ ansible_lineinfile(msg='Configure permission for /var/log/audit.log', path='/etc/permissions.local', regex='^\/var\/log\/audit\/audit.log\s+root.*', insensitive=false, new_line='/var/log/audit/audit.log root:root 600', create='yes', state='present', register='update_permissions_var_log_audit_audit_log') }}}

- name: "Correct file permissions after update /var/log/audit/audit.log"
shell: >
set -o pipefail
chkstat --set --system
when: update_permissions_var_log_audit_audit_log.changed

{{{ ansible_lineinfile(msg='Configure permission for /etc/audit/audit.rules', path='/etc/permissions.local', regex='^\/etc\/audit\/audit.rules\s+root.*', insensitive=false, new_line='/etc/audit/audit.rules root:root 640', create='yes', state='present', register='update_permissions_etc_audit_audit_rules') }}}

- name: "Correct file permissions after update /etc/audit/audit.rules"
shell: >
set -o pipefail
chkstat --set --system
when: update_permissions_etc_audit_audit_rules.changed

{{{ ansible_lineinfile(msg='Configure permission for /etc/audit/rules.d/audit.rules', path='/etc/permissions.local', regex='^\/etc\/audit\/rules.d\/audit.rules\s+root.*', insensitive=false, new_line='/etc/audit/rules.d/audit.rules root:root 640', create='yes', state='present', register='update_permissions_etc_audit_rules_d_audit_rules') }}}

- name: "Correct file permissions after update /etc/audit/rules.d/audit.rules"
shell: >
set -o pipefail
chkstat --set --system
when: update_permissions_etc_audit_rules_d_audit_rules.changed
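Review bot: The first `when:` condition references `update_update_permissions_var_log_audit.changed`, but the task it follows registers `update_permissions_var_log_audit`, so the conditional hits an undefined variable and the play aborts before the first chkstat task ever runs; it should read `when: update_permissions_var_log_audit.changed`. Separately, every chkstat task uses a folded scalar (`shell: >`): if `set -o pipefail` and `chkstat --set --system` sit at the same indentation in the source file, YAML joins them into the single command `set -o pipefail chkstat --set --system`, which only sets positional parameters and never executes chkstat, so the entries land in /etc/permissions.local while the on-disk owners and modes are never corrected — use a literal block (`shell: |`), or drop `set -o pipefail` altogether since there is no pipeline here. Note also that `--system` applies every configured permissions profile on the host, whereas the bash remediation limits itself to `chkstat --set /etc/permissions.local`; the narrower invocation is the safer match for what this rule claims to change.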
@@ -0,0 +1,23 @@
# platform = multi_platform_sle,multi_platform_slmicro

current_permissions_rules=$(grep -i audit /etc/permissions.local)
if [ ${#current_permissions_rules} -ne 0 ]
then
echo "We will delete existing permissions"
sed -ri '/^\/var\/log\/audit\s+root:.*/d' /etc/permissions.local
sed -ri '/^\/var\/log\/audit\/audit.log\s+root.*/d' /etc/permissions.local
sed -ri '/^\/etc\/audit\/audit.rules\s+root.*/d' /etc/permissions.local
sed -ri '/^\/etc\/audit\/rules.d\/audit.rules\s+root.*/d' /etc/permissions.local
fi
echo "There are no permission rules for audit information files and folders. We will add them"
echo "/var/log/audit root:root 600" >> /etc/permissions.local
echo "/var/log/audit/audit.log root:root 600" >> /etc/permissions.local
echo "/etc/audit/audit.rules root:root 640" >> /etc/permissions.local
echo "/etc/audit/rules.d/audit.rules root:root 640" >> /etc/permissions.local

check_stats=$(chkstat /etc/permissions.local)
if [ ${#check_stats} -gt 0 ]
then
echo "Audit information files and folders don't have correct permissions.We will set them"
chkstat --set /etc/permissions.local
fi
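Review bot: The pre-check `current_permissions_rules=$(grep -i audit /etc/permissions.local)` emits a grep error when /etc/permissions.local does not exist yet (the Ansible variant covers that case with `create='yes'`), and the message `There are no permission rules for audit information files and folders. We will add them` is printed unconditionally, including immediately after the script has just deleted existing entries, so the output misstates what happened. Guard with `if [ -f /etc/permissions.local ] && grep -qi audit /etc/permissions.local; then` and either move the "no rules" message into an `else` branch or reword it to something neutral such as `Adding permission rules for audit information files and folders`. The first delete pattern (`root:.*`) is also stricter than the three that follow (`root.*`) and than the Ansible regexes; pick one form so both remediations treat the same pre-existing entries as managed.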
@@ -0,0 +1,25 @@
#!/bin/bash

# platform = multi_platform_sle,multi_platform_slmicro

current_permissions_rules=$(grep -i audit /etc/permissions.local)
if [ ${#current_permissions_rules} -ne 0 ]
then
echo "We will delete existing permissions"
sed -ri '/^\/var\/log\/audit\s+root:.*/d' /etc/permissions.local
sed -ri '/^\/var\/log\/audit\/audit.log\s+root.*/d' /etc/permissions.local
sed -ri '/^\/etc\/audit\/audit.rules\s+root.*/d' /etc/permissions.local
sed -ri '/^\/etc\/audit\/rules.d\/audit.rules\s+root.*/d' /etc/permissions.local
fi
echo "There are no permission rules for audit information files and folders. We will add them"
echo "/var/log/audit root:root 600" >> /etc/permissions.local
echo "/var/log/audit/audit.log root:root 600" >> /etc/permissions.local
echo "/etc/audit/audit.rules root:root 640" >> /etc/permissions.local
echo "/etc/audit/rules.d/audit.rules root:root 640" >> /etc/permissions.local

check_stats=$(chkstat /etc/permissions.local)
if [ ${#check_stats} -gt 0 ]
then
echo "Audit information files and folders don't have correct permissions.We will set them"
chkstat --set /etc/permissions.local
fi
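Review bot: This pass-scenario script is a verbatim copy of the bash remediation, so it only establishes the expected state if the audit paths already exist — chkstat presumably has nothing to act on otherwise — and I cannot tell from this page whether the test image guarantees /var/log/audit, /var/log/audit/audit.log and the two audit.rules files are present. If they may be absent, create them before the chkstat call, e.g. `mkdir -p /var/log/audit /etc/audit/rules.d` followed by `touch /var/log/audit/audit.log /etc/audit/audit.rules /etc/audit/rules.d/audit.rules`, so the scenario cannot pass vacuously. The `grep -i audit /etc/permissions.local` pre-check also prints an error when that file is missing; `grep -qi audit /etc/permissions.local 2>/dev/null` keeps the test log clean without changing the logic.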
@@ -0,0 +1,12 @@
#!/bin/bash

# platform = multi_platform_sle,multi_platform_slmicro

for AUDIT_FILE in /var/log/audit /var/log/audit/audit.log /etc/audit/audit.rules /etc/audit/rules.d/audit.rules
do
if [ -f $AUDIT_FILE ]
then
chown nobody:nobody $AUDIT_FILE
chmod 0644 $AUDIT_FILE
fi
done
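Review bot: The fail-scenario loop tests each path with `[ -f $AUDIT_FILE ]`, but /var/log/audit is a directory, so `-f` is false for it and the directory is never given the wrong owner or mode; the scenario therefore never exercises the rule's directory check. Use `if [ -e "$AUDIT_FILE" ]` (quoted) so directories are included. As with the pass script, if the test image may lack these files the loop is a no-op and the outcome is decided only by whatever else is on the system; creating them first (`mkdir -p /var/log/audit /etc/audit/rules.d && touch /var/log/audit/audit.log /etc/audit/audit.rules /etc/audit/rules.d/audit.rules`) makes the expected failure deterministic.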
