Comments (6)
Hi @AdrianPop, this is expected behavior when `auditd_apply_audit_rules: true`, https://github.com/konstruktoid/ansible-role-hardening/blob/master/defaults/main/auditd.yml#L2C1-L2C31
from ansible-role-hardening.
@konstruktoid yes, indeed. I've read the config files and figured that out in the end.
But which rule from here https://github.com/konstruktoid/ansible-role-hardening/blob/master/templates/etc/audit/rules.d/hardening.rules.j2 produces the output from above for docker?
One of them seems this `-w /tmp -p wxa -k tmp`, but I cannot identify the other one for docker.
from ansible-role-hardening.
Also, these rules are not working as expected imho

```yaml
auditd_max_log_file: 8
auditd_max_log_file_action: keep_logs
auditd_num_logs: 5
```

According to auditd docs, when `max_log_file_action` is set to `keep_logs` it ignores the `num_logs`.
I've managed to make it work by changing: `max_log_file_action = rotate`
from ansible-role-hardening.
> Also, these rules are not working as expected imho
>
> ```yaml
> auditd_max_log_file: 8
> auditd_max_log_file_action: keep_logs
> auditd_num_logs: 5
> ```
>
> According to auditd docs, when `max_log_file_action` is set to `keep_logs` it ignores the `num_logs`.
> I've managed to make it work by changing: `max_log_file_action = rotate`

Nice catch, I'll update these settings later today. `auditd_max_log_file` can most likely be increased as well.
from ansible-role-hardening.
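An added example, not part of the thread or of the role's code: a small lint for the `keep_logs` / `num_logs` mismatch discussed above, run against a rendered `auditd.conf`. It assumes the role's `auditd_*` variables map to the `auditd.conf` keys of the same name without the prefix; the sample text and the fallback values are constructed for the example.

```python
# Added example (not the role's code): lint auditd.conf rotation settings.
import re

# Constructed sample: the thread's values rendered as auditd.conf lines.
SAMPLE_KEEP = """\
# constructed sample, not copied from a real host
max_log_file = 8
max_log_file_action = keep_logs
num_logs = 5
"""
SAMPLE_ROTATE = SAMPLE_KEEP.replace("keep_logs", "rotate")


def parse_auditd_conf(text):
    """Return {key: value}, lower-cased so ROTATE and rotate compare equal.

    Blank lines and '#' comments never match the pattern and are skipped.
    """
    conf = {}
    for line in text.splitlines():
        m = re.match(r"([A-Za-z_]+)\s*=\s*(.*)$", line.strip())
        if m:
            conf[m.group(1).lower()] = m.group(2).strip().lower()
    return conf


def check_rotation(conf):
    """Return (findings, cap_mb); cap_mb is None when no cap can be computed."""
    # Fallbacks for missing keys are assumptions of this example.
    action = conf.get("max_log_file_action", "rotate")
    size_mb = int(conf.get("max_log_file", 8))   # megabytes per log file
    num_logs = int(conf.get("num_logs", 0))
    findings = []
    if action == "keep_logs":
        # keep_logs rotates but never deletes, so num_logs has no effect.
        if "num_logs" in conf:
            findings.append(f"num_logs={num_logs} is ignored with keep_logs")
        findings.append("no retention cap: watch free space on the log volume")
        return findings, None
    if action == "rotate":
        if num_logs < 2:
            findings.append("num_logs < 2: logs are not rotated")
            return findings, None
        return findings, size_mb * num_logs      # approximate on-disk cap
    findings.append(f"action '{action}' does not rotate; num_logs is unused")
    return findings, None


if __name__ == "__main__":
    for name, text in (("keep_logs", SAMPLE_KEEP), ("rotate", SAMPLE_ROTATE)):
        print(name, check_rotation(parse_auditd_conf(text)))
```

With `keep_logs` the check reports the ignored `num_logs` and no size cap; with `rotate` the same values give a cap of roughly 8 MB x 5 files.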
> @konstruktoid yes, indeed. I've read the config files and figured that out in the end.
> But which rule from here https://github.com/konstruktoid/ansible-role-hardening/blob/master/templates/etc/audit/rules.d/hardening.rules.j2 produces the output from above for docker?
> One of them seems this `-w /tmp -p wxa -k tmp`, but I cannot identify the other one for docker.

I believe a couple of log entries are missing from your post, but please try `aureport --key docker`, `aureport -t` or `aureport -x`.
from ansible-role-hardening.
I've copied only a few logs; as you can see, all of them have the same logging second: :58
from ansible-role-hardening.