Major Hayden fa2800419e Migrate to unique variable names
This patch migrates all of the remaining non-unique variable names
in the security role to a pattern that begins with `security_*`.
This will reduce potential variable collisions with other roles.

This is a breaking change for deployers and users who are moving
from the liberty or stable/mitaka branches to master. Release notes
are included with additional details to help with the transition.

Closes-Bug: 1578326

Change-Id: Ib716e81e6fed971b21dc5579ae1a871736e21189
2016-05-09 16:18:48 -05:00

Exception

The STIG requires the audit system to switch the entire system into single-user mode when the space for logging becomes dangerously low.

This will cause serious service disruptions for any environment and should only be enabled for extremely high security environments.

Ubuntu sets security_admin_space_left_action to SUSPEND by default, which temporarily suspends logging until disk space is freed.

For extremely high security environments, this Ansible variable can be provided to meet the requirements of the STIG:

security_admin_space_left_action: SINGLE
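
To confirm which behaviour a host actually has, the check below reads the setting back from the audit daemon's configuration and classifies it against the requirement described above. It is an added example, not code from the role; it assumes the value ends up in `/etc/audit/auditd.conf` under the auditd key `admin_space_left_action`, and the function names and verdict strings are hypothetical.

```shell
#!/bin/sh
# Added example (not part of the role): classify auditd's
# admin_space_left_action against the STIG requirement described above.

# Print the upper-cased value of admin_space_left_action from an
# auditd.conf-style file, or nothing if the key is absent.
# Assumption: if the key appears more than once, the last occurrence is used.
get_admin_space_left_action() {
    awk -F= '
        /^[ \t]*#/ { next }                 # skip comment lines
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key)        # strip whitespace around key
            gsub(/[ \t\r]/, "", val)        # and around value
            if (tolower(key) == "admin_space_left_action") found = toupper(val)
        }
        END { if (found != "") print found }
    ' "$1"
}

# Verdicts:
#   SINGLE   -> meets the STIG (single-user mode when space runs low)
#   SUSPEND  -> the documented exception (Ubuntu default, logging suspended)
#   other    -> neither the STIG value nor the documented default
check_admin_space_left_action() {
    conf=${1:-/etc/audit/auditd.conf}       # assumed default location
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    action=$(get_admin_space_left_action "$conf")
    case "$action" in
        SINGLE)  echo "compliant: $action"; return 0 ;;
        SUSPEND) echo "exception: $action"; return 1 ;;
        "")      echo "unset"; return 1 ;;
        *)       echo "noncompliant: $action"; return 1 ;;
    esac
}

# Constructed sample mirroring the default described above.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'admin_space_left_action = SUSPEND' > "$sample"
check_admin_space_left_action "$sample" || true
rm -f "$sample"
```

The non-zero exit status for anything other than SINGLE lets the check be used as a gate in a compliance job for environments that opt in to the STIG behaviour.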