Skip to content

Commit aacafc0

Browse files
committed
RAN Hardening - Auditd Configuration (M9)
Compliance remediation for OCP 4.22+ (M9).
1 parent 78962de commit aacafc0

2 files changed

Lines changed: 34 additions & 0 deletions

File tree

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,17 @@
1+
apiVersion: machineconfiguration.openshift.io/v1
2+
kind: MachineConfig
3+
metadata:
4+
name: 75-auditd-configuration-master
5+
labels:
6+
machineconfiguration.openshift.io/role: master
7+
spec:
8+
config:
9+
ignition:
10+
version: 3.5.0
11+
storage:
12+
files:
13+
- path: /etc/audit/auditd.conf
14+
mode: 416
15+
overwrite: true
16+
contents:
17+
source: "data:,%23%0A%23%20This%20file%20controls%20the%20configuration%20of%20the%20audit%20daemon%0A%23%0A%0Alocal_events%20=%20yes%0Awrite_logs%20=%20yes%0Alog_file%20=%20%2Fvar%2Flog%2Faudit%2Faudit.log%0Alog_group%20=%20root%0Alog_format%20=%20ENRICHED%0Aflush%20=%20incremental_async%0Afreq%20=%2050%0Amax_log_file%20=%206%0Anum_logs%20=%205%0Apriority_boost%20=%204%0Aname_format%20=%20hostname%0A%23%23name%20=%20mydomain%0Amax_log_file_action%20=%20rotate%0Aspace_left%20=%20100%0Aspace_left_action%20=%20syslog%0Averify_email%20=%20yes%0Aaction_mail_acct%20=%20root%0Aadmin_space_left%20=%2050%0Aadmin_space_left_action%20=%20syslog%0Adisk_full_action%20=%20syslog%0Adisk_error_action%20=%20syslog%0Ause_libwrap%20=%20yes%0A%23%23tcp_listen_port%20=%2060%0Atcp_listen_queue%20=%205%0Atcp_max_per_addr%20=%201%0A%23%23tcp_client_ports%20=%201024-65535%0Atcp_client_max_idle%20=%200%0Atransport%20=%20TCP%0Akrb5_principal%20=%20auditd%0A%23%23krb5_key_file%20=%20%2Fetc%2Faudit%2Faudit.key%0Adistribute_network%20=%20no%0Aq_depth%20=%20400%0Aoverflow_action%20=%20syslog%0Amax_restarts%20=%2010%0Aplugin_dir%20=%20%2Fetc%2Faudit%2Fplugins.d"
Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,17 @@
1+
apiVersion: machineconfiguration.openshift.io/v1
2+
kind: MachineConfig
3+
metadata:
4+
name: 75-auditd-configuration-worker
5+
labels:
6+
machineconfiguration.openshift.io/role: worker
7+
spec:
8+
config:
9+
ignition:
10+
version: 3.5.0
11+
storage:
12+
files:
13+
- path: /etc/audit/auditd.conf
14+
mode: 416
15+
overwrite: true
16+
contents:
17+
source: "data:,%23%0A%23%20This%20file%20controls%20the%20configuration%20of%20the%20audit%20daemon%0A%23%0A%0Alocal_events%20=%20yes%0Awrite_logs%20=%20yes%0Alog_file%20=%20%2Fvar%2Flog%2Faudit%2Faudit.log%0Alog_group%20=%20root%0Alog_format%20=%20ENRICHED%0Aflush%20=%20incremental_async%0Afreq%20=%2050%0Amax_log_file%20=%206%0Anum_logs%20=%205%0Apriority_boost%20=%204%0Aname_format%20=%20hostname%0A%23%23name%20=%20mydomain%0Amax_log_file_action%20=%20rotate%0Aspace_left%20=%20100%0Aspace_left_action%20=%20syslog%0Averify_email%20=%20yes%0Aaction_mail_acct%20=%20root%0Aadmin_space_left%20=%2050%0Aadmin_space_left_action%20=%20syslog%0Adisk_full_action%20=%20syslog%0Adisk_error_action%20=%20syslog%0Ause_libwrap%20=%20yes%0A%23%23tcp_listen_port%20=%2060%0Atcp_listen_queue%20=%205%0Atcp_max_per_addr%20=%201%0A%23%23tcp_client_ports%20=%201024-65535%0Atcp_client_max_idle%20=%200%0Atransport%20=%20TCP%0Akrb5_principal%20=%20auditd%0A%23%23krb5_key_file%20=%20%2Fetc%2Faudit%2Faudit.key%0Adistribute_network%20=%20no%0Aq_depth%20=%20400%0Aoverflow_action%20=%20syslog%0Amax_restarts%20=%2010%0Aplugin_dir%20=%20%2Fetc%2Faudit%2Fplugins.d"

0 commit comments

Comments
 (0)