Enable/start auditd [+Docs]

This patch adds a task to start auditd and ensure it starts at boot-up. Documentation is included. Implements: blueprint security-rhel7-stig Change-Id: I16e4788268ef862e7cfb5bce4fbc43808be3e9c6
2016-12-06 08:32:38 -06:00 · 2016-12-06 08:32:38 -06:00 · 439cd3d776
commit 439cd3d776
parent 4e8bf6705f
2 changed files with 16 additions and 3 deletions
--- a/doc/metadata/rhel7/RHEL-07-030010.rst
+++ b/doc/metadata/rhel7/RHEL-07-030010.rst
@ -1,7 +1,8 @@
 ---
 id: RHEL-07-030010
-status: not implemented
-tag: misc
+status: implemented
+tag: auditd
 ---

-This STIG requirement is not yet implemented.
+The tasks in the security role start the audit daemon immediately and ensure
+that it starts at boot time.
--- a/tasks/rhel7stig/auditd.yml
+++ b/tasks/rhel7stig/auditd.yml
@ -134,3 +134,15 @@
    - RHEL-07-030674
    - RHEL-07-030710
    - RHEL-07-030090
+
+- name: Ensure auditd is running and enabled at boot time
+  service:
+    name: auditd
+    state: started
+    enabled: yes
+  when:
+    - auditd_conf.stat.exists
+  tags:
+    - high
+    - auditd
+    - RHEL-07-030010