Add unimplemented auditd functionality (ansible-lockdown#86)

* Add unimplemented auditd functionality * re-adding some post-fork updates * disable custom auditd handler when running in docker * try alternative docker detection * trying to call the auditd restart directly * create dummy functions file for cut down docker image * put dummy function in prelim tasks * add proper functions file * update functions file from a working rhel * skip auditd restart for travis, as per stig role * label part 1 and 2 of dual step command for debugging * update to fix tests * skip ansible lint for required shell command * applied requested changes * change auditd to command as requested * update to fix failing test * :set paste! :/ * trailing whitespace * fix regex on logrotate * fixes for logrotate config * lint fix
tvigers · Apr 9, 2018 · 6c8a355 · 6c8a355
1 parent afc6e46
commit 6c8a355
Show file tree

Hide file tree

Showing 19 changed files with 237 additions and 101 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -355,6 +355,8 @@ rhel7cis_auditd:
     admin_space_left_action: halt
     max_log_file_action: keep_logs
 
+rhel7cis_logrotate: "daily"
+
 ## Section5 vars
 
 rhel7cis_sshd:

diff --git a/handlers/main.yml b/handlers/main.yml
@@ -26,6 +26,15 @@
       masked: no
       state: reloaded
 
+- name: systemd restart var-tmp.mount
+  become: yes
+  systemd:
+      name: var-tmp.mount
+      daemon_reload: yes
+      enabled: yes
+      masked: no
+      state: reloaded
+
 - name: generate new grub config
   become: yes
   command: grub2-mkconfig -o "{{ grub_cfg.stat.lnk_source }}"
@@ -51,3 +60,15 @@
 - name: reload dconf
   become: yes
   command: dconf update
+
+- name: restart auditd
+  command: /sbin/service auditd restart
+  changed_when: no
+  check_mode: no
+  failed_when: no
+  args:
+    warn: no
+  when:
+    - rhel7cis_skip_for_travis == false
+  tags:
+    - skip_ansible_lint