ansible-hardening/doc/metadata/rhel7/RHEL-07-030402.rst
Major Hayden 60a8205027 [Docs] Refactor auditd rules
This patch adds documentation for:

  https://review.openstack.org/397334

Implements: blueprint security-rhel7-stig
Change-Id: I5dc47cae51321c35592451030c54b2875c46be45
2016-11-18 12:39:04 -06:00

---
id: RHEL-07-030402
status: opt-in
tag: auditd
---

The STIG requires that all lsetxattr syscalls are audited, but this change creates a significant increase in logging on most systems. This increase can cause some systems to run out of disk space for logs.

Warning

This rule is disabled by default to avoid high CPU usage and disk space exhaustion. Deployers should only enable this rule if they have tested it thoroughly in a non-production environment with system health monitoring enabled.

Deployers can opt in for this change by setting the following Ansible variable:

security_rhel7_audit_lsetxattr: yes

This rule is compatible with x86, x86_64, and ppc64 architectures.
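To put a number on the logging increase while testing this rule in a non-production environment, the following added example (not part of ansible-hardening) measures how much of a raw audit log is produced by lsetxattr events. It assumes x86_64 records (arch=c000003e, where lsetxattr is syscall 189); the sample records and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: x86_64 only, where arch=c000003e and lsetxattr is syscall 189.
ARCH, LSETXATTR_NR = "c000003e", "189"
EVENT_ID = re.compile(r"msg=audit\((\d+)\.\d+:\d+\)")

# Constructed sample records in raw audit.log layout (not taken from a real host).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1479494344.101:501): arch=c000003e syscall=189 success=yes exit=0 auid=1000 uid=1000 comm="rsync" exe="/usr/bin/rsync" key="perm_mod"
type=CWD msg=audit(1479494344.101:501): cwd="/home/demo"
type=PATH msg=audit(1479494344.101:501): item=0 name="backup/a.txt" inode=1311 nametype=NORMAL
type=SYSCALL msg=audit(1479494345.220:502): arch=c000003e syscall=90 success=yes exit=0 auid=1000 uid=1000 comm="chmod" exe="/usr/bin/chmod" key="perm_mod"
type=PATH msg=audit(1479494345.220:502): item=0 name="notes.txt" inode=1312 nametype=NORMAL
type=SYSCALL msg=audit(1479494404.101:503): arch=c000003e syscall=189 success=yes exit=0 auid=1000 uid=1000 comm="rsync" exe="/usr/bin/rsync" key="perm_mod"
type=PATH msg=audit(1479494404.101:503): item=0 name="backup/b.txt" inode=1313 nametype=NORMAL
"""

def lsetxattr_volume(log_text):
    """Return count, bytes, log share and hourly rate of lsetxattr audit events."""
    sizes = defaultdict(int)   # event id -> bytes across all records of that event
    times = {}                 # event id -> epoch seconds
    hits = set()               # event ids whose SYSCALL record is lsetxattr
    total = 0
    for line in log_text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue
        event, nbytes = m.group(0), len(line.encode()) + 1  # +1 for the newline
        total += nbytes
        sizes[event] += nbytes     # CWD/PATH records count toward their event
        times[event] = int(m.group(1))
        if (line.startswith("type=SYSCALL") and f"arch={ARCH} " in line
                and f"syscall={LSETXATTR_NR} " in line):
            hits.add(event)
    hit_bytes = sum(sizes[e] for e in hits)
    span = max(times.values()) - min(times.values()) if times else 0
    return {"events": len(hits), "bytes": hit_bytes,
            "share": hit_bytes / total if total else 0.0,
            "bytes_per_hour": hit_bytes * 3600 // span if span else None}

if __name__ == "__main__":
    print(lsetxattr_volume(SAMPLE_LOG))
```

Run it against a copy of the audit log captured during the test window and compare `bytes_per_hour` with the free space on the log volume.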