- name: Gather the package facts
package_facts:
manager: auto
tags:
- CJIS-5.4.1.1
- NIST-800-171-3.3.1 - NIST-800-53-AC-6(1)
- NIST-800-53-AU-9(4)
- NIST-800-53-CM-6(a)
- PCI-DSS-Req-10.5
- PCI-DSSv4-10.3.1
- file_permissions_var_log_audit
- low_complexity
- low_disruption
- medium_severity
- no_reboot_needed
- restrict_strategy
- name: Get audit log files
command: grep -iw ^log_file /etc/audit/auditd.conf
failed_when: false
register: log_file_exists
when:
- '"audit" in ansible_facts.packages'
- ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
tags:
- CJIS-5.4.1.1
- NIST-800-171-3.3.1
- NIST-800-53-AC-6(1)
- NIST-800-53-AU-9(4)
- NIST-800-53-CM-6(a)
- PCI-DSS-Req-10.5
- PCI-DSSv4-10.3.1
- file_permissions_var_log_audit
- low_complexity
- low_disruption
- medium_severity
- no_reboot_needed
- restrict_strategy
- name: Parse log file line
command: awk -F '=' '/^log_file/ {print $2}' /etc/audit/auditd.conf
register: log_file_line
when:
- '"audit" in ansible_facts.packages'
- ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
- log_file_exists is not skipped and (log_file_exists.stdout | length > 0)
tags:
- CJIS-5.4.1.1
- NIST-800-171-3.3.1
- NIST-800-53-AC-6(1)
- NIST-800-53-AU-9(4)
- NIST-800-53-CM-6(a)
- PCI-DSS-Req-10.5
- PCI-DSSv4-10.3.1
- file_permissions_var_log_audit
- low_complexity
- low_disruption
- medium_severity
- no_reboot_needed
- restrict_strategy
- name: Set default log_file if not set
set_fact:
log_file: /var/log/audit/audit.log
when:
- '"audit" in ansible_facts.packages'
- ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
- (log_file_exists is skipped) or (log_file_exists is undefined) or (log_file_exists.stdout
| length == 0)
tags:
- CJIS-5.4.1.1
- NIST-800-171-3.3.1
- NIST-800-53-AC-6(1)
- NIST-800-53-AU-9(4)
- NIST-800-53-CM-6(a)
- PCI-DSS-Req-10.5
- PCI-DSSv4-10.3.1
- file_permissions_var_log_audit
- low_complexity
- low_disruption
- medium_severity
- no_reboot_needed
- restrict_strategy
- name: Set log_file from log_file_line if not set already
set_fact:
log_file: '{{ log_file_line.stdout | trim }}'
when:
- '"audit" in ansible_facts.packages'
- ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
- (log_file_exists is not skipped) and (log_file_line.stdout is defined) and (log_file_line.stdout
| length > 0)
tags:
- CJIS-5.4.1.1
- NIST-800-171-3.3.1
- NIST-800-53-AC-6(1)
- NIST-800-53-AU-9(4)
- NIST-800-53-CM-6(a)
- PCI-DSS-Req-10.5
- PCI-DSSv4-10.3.1
- file_permissions_var_log_audit
- low_complexity
- low_disruption
- medium_severity
- no_reboot_needed
- restrict_strategy
- name: Apply mode to log file
file:
path: '{{ log_file }}'
mode: 384
failed_when: false
when:
- '"audit" in ansible_facts.packages'
- ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
tags:
- CJIS-5.4.1.1
- NIST-800-171-3.3.1
- NIST-800-53-AC-6(1)
- NIST-800-53-AU-9(4)
- NIST-800-53-CM-6(a)
- PCI-DSS-Req-10.5
- PCI-DSSv4-10.3.1
- file_permissions_var_log_audit
- low_complexity
- low_disruption
- medium_severity
- no_reboot_needed
- restrict_strategy
Show more