7b313ee1bc
This patch fixes the auditd rules template so that AppArmor and SELinux policy modifications are logged, depending on which Linux distribution is in use. The security_audit_apparmor_changes variable has been renamed to security_audit_mac_changes to be more generic. Documentation updates and a release note are included. Closes-bug: 1584187 Change-Id: I0955e2cb8a05af4afd36aaca518322a9df6d1ff7
332 B
332 B
For Ubuntu, rules are added to auditd that will log any changes made
in the /etc/apparmor directory.
For CentOS, rules are added to auditd that will log any changes made
in the /etc/selinux directory.
To opt-out of this change, set the following Ansible variable:
security_audit_mac_changes: no