
This patch gets the docs adjusted to work with the new RHEL 7 STIG version 1 release. The new STIG release has changed all of the numbering, but it maintains a link to (most) of the old STIG IDs in the XML.

Closes-bug: 1676865
Change-Id: I65023fe63163c9804a3aec9dcdbf23c69bedb604
---
id: V-72081
status: implemented
tag: auditd
---
The audit daemon takes various actions when there is an auditing failure. There are three options for the -f flag for auditctl:

- 0: In the event of an auditing failure, do nothing.
- 1: In the event of an auditing failure, write messages to the kernel log.
- 2: In the event of an auditing failure, cause a kernel panic.

Most operating systems set the failure flag to 1 by default, which maximizes system availability while still causing an alert. The tasks in the security role set the flag to 1 by default.
Deployers can adjust the following Ansible variable to customize the failure flag:
security_rhel7_audit_failure_flag: 1
Warning
Setting the failure flag to 2 is strongly discouraged unless the security of the system takes priority over its availability. Any failure in auditing causes a kernel panic and the system requires a hard reboot.
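
A check for the setting described above, as an added example that is not part of the role or the original page: it reads an audit rules file, finds the -f value left in effect (the last one wins) and compares it with the value given in security_rhel7_audit_failure_flag. The function names and the sample rules are constructed for illustration; on a RHEL 7 host the file to check is assumed to be /etc/audit/audit.rules.

```shell
#!/bin/sh
# Added example: verify the audit failure flag that a rules file will apply.

# Print the value of the last "-f N" option in rules file $1. auditctl applies
# the file top to bottom, so the last occurrence is the one left in effect.
effective_failure_flag() {
    awk '
        /^[ \t]*#/ { next }                     # ignore commented-out rules
        {
            for (i = 1; i < NF; i++)            # case-sensitive: -F filters do not match
                if ($i == "-f") flag = $(i + 1)
        }
        END { if (flag != "") print flag }
    ' "$1"
}

# Compare the effective flag in file $1 with expected value $2.
# Returns 0 on match, 1 on mismatch, 2 when no valid flag (0, 1 or 2) is set.
check_failure_flag() {
    actual=$(effective_failure_flag "$1")
    case "$actual" in
        0|1|2) ;;
        *) echo "no valid -f setting in $1" >&2; return 2 ;;
    esac
    if [ "$actual" != "$2" ]; then
        echo "failure flag is $actual, expected $2" >&2
        return 1
    fi
    if [ "$actual" = 2 ]; then
        echo "note: any audit failure will panic the kernel" >&2
    fi
    return 0
}

# Constructed sample rules file (not taken from a real system).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
-D
-b 320
-f 2
-a always,exit -F arch=b64 -S execve -F key=exec
# -f 0
-f 1
EOF

# Expected value matches security_rhel7_audit_failure_flag: 1 from the page.
check_failure_flag "$sample" 1 && echo "failure flag matches"
```

The sample deliberately contains an earlier `-f 2` and a commented-out `-f 0`, so a check that stops at the first match or ignores comments would report the wrong value.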