dccce1d5cc
This patch gets the docs adjusted to work with the new RHEL 7 STIG version 1 release. The new STIG release has changed all of the numbering, but it maintains a link to (most) of the old STIG IDs in the XML. Closes-bug: 1676865 Change-Id: I65023fe63163c9804a3aec9dcdbf23c69bedb604
30 lines
987 B
ReStructuredText
30 lines
987 B
ReStructuredText
---
|
|
id: V-72081
|
|
status: implemented
|
|
tag: auditd
|
|
---
|
|
|
|
The audit daemon takes various actions when there is an auditing failure. There
|
|
are three options for the ``-f`` flag for ``auditctl``:
|
|
|
|
* ``0``: In the event of an auditing failure, do nothing.
|
|
* ``1``: In the event of an auditing failure, write messages to the kernel log.
|
|
* ``2``: In the event of an auditing failure, cause a kernel panic.
|
|
|
|
Most operating systems set the failure flag to ``1`` by default, which
|
|
maximizes system availability while still causing an alert. The tasks in the
|
|
security role set the flag to ``1`` by default.
|
|
|
|
Deployers can adjust the following Ansible variable to customize the failure
|
|
flag:
|
|
|
|
.. code-block:: yaml
|
|
|
|
security_rhel7_audit_failure_flag: 1
|
|
|
|
.. warning::
|
|
|
|
Setting the failure flag to ``2`` is **strongly** discouraged unless the
|
|
security of the system takes priority over its availability. Any failure in
|
|
auditing causes a kernel panic and the system requires a hard reboot.
|