V-38637, V-3866{3,4,5}: Verify auditd pkg contents

Implements: blueprint security-hardening

Change-Id: I1e2cbebae26967c758db0e4f6c815e986fa43438
Major Hayden 2015-10-08 16:32:54 -05:00
parent ce309a4f92
commit 1de3e672b4
5 changed files with 40 additions and 0 deletions

@ -0,0 +1,6 @@
The auditd package is verified with ``debsums`` and the playbook will fail
immediately if any of the files from the auditd package have been altered.
This could be the sign of a system compromise.
If the ``debsums`` package isn't installed, the Ansible task will install it
during the playbook run.
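
Review bot: The note lists altered files as the only reason the playbook fails, but the comment above the debsums task in the tasks hunk says the run also fails when auditd is not installed; document that case here so an operator can tell the two failures apart. In the third line, "This could be the sign of a system compromise" reads better as "This could be a sign of a system compromise".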

@ -0,0 +1 @@
V-38453.rst
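
Review bot: This one-line file and the two identical ones that follow contain only V-38453.rst, an ID that does not appear in the commit subject, while the six-line note added earlier in this patch is the only text describing the debsums check. If these are the entries for V-38663, V-38664 and V-38665, confirm that V-38453.rst is the intended target and that its text covers verification of the auditd package; otherwise point them at the new note.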

@ -0,0 +1 @@
V-38453.rst

@ -0,0 +1 @@
V-38453.rst

@ -72,6 +72,37 @@
- cat2
- V-38636
- name: Ensure debsums package is installed (for V-38637)
apt:
name: debsums
state: present
tags:
- auditd
- cat2
- V-38637
# The debsums command returns 0 if the files haven't been altered but it
# returns 2 otherwise. We also will check to see if auditd has been installed
# and fail if it's not installed.
- name: Checking auditd package contents for alterations with debsums (for V-38637)
shell: debsums auditd -c
register: v38637_result
changed_when: False
failed_when: "'not installed' in v38637_result.stdout"
tags:
- auditd
- cat2
- V-38637
- name: V-38637 - Contents of auditd package must be verified
fail:
msg: "FAILED: Could not verify that files from auditd package are unaltered"
when: v38637_result.rc == 2
tags:
- auditd
- cat2
- V-38637
- name: V-38445 - Audit log files must be group-owned by root
file:
dest: /var/log/audit/
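
Review bot: The failed_when on the debsums task replaces the default return-code check, and the follow-up fail task only fires on `when: v38637_result.rc == 2`, so any other non-zero exit from debsums is treated as a successful verification. Fail on `v38637_result.rc != 0` instead, or fold that condition into failed_when and drop the separate fail task. The 'not installed' match reads only v38637_result.stdout; if debsums reports that condition on stderr the check never triggers, so test v38637_result.stderr as well. `shell: debsums auditd -c` uses no shell features and can use the command module.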