openstack/ansible-hardening
Code Issues Proposed changes

Add /etc/apparmor.d/ for auditing

Browse Source 
As noted in https://review.openstack.org/319438 , the /etc/apparmor.d/
directory was missing from the auditd rules applied for V-38541.

Change-Id: I564b72d103fa13af4562e4b21d68ef6097cecf37
This commit is contained in:
Major Hayden 2016-05-23 08:03:50 -05:00
parent 7b313ee1bc
commit 40634db731
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
templates/osas-auditd.j2
View File

@ -52,6 +52,7 @@
# RHEL 6 STIG V-38541
# Audits changes to AppArmor policies
-w /etc/apparmor/ -p wa -k MAC-policy
-w /etc/apparmor.d/ -p wa -k MAC-policy
{% endif %}
{% if linux_security_module == 'selinux' and security_audit_mac_changes | bool %}