scap-security-guide/SOURCES/scap-security-guide-0.1.58-ansible_missing_metadata-PR_7357.patch
2021-09-10 04:19:00 +00:00

51 lines
3.0 KiB
Diff

From 5d4726bb609f463956c03909891f8fbd1975d222 Mon Sep 17 00:00:00 2001
From: Milan Lysonek <mlysonek@redhat.com>
Date: Mon, 9 Aug 2021 14:00:19 +0200
Subject: [PATCH] Add missing ansible remediation metadata
---
.../auditd_overflow_action/ansible/shared.yml | 4 ++++
.../ansible/shared.yml | 4 ++++
.../ansible/shared.yml | 4 ++++
3 files changed, 12 insertions(+)
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml
index 166054a95a..e1569b2254 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml
@@ -1,4 +1,8 @@
# platform = multi_platform_fedora,multi_platform_rhel
+# reboot = false
+# strategy = restrict
+# complexity = low
+# disruption = low
{{{ ansible_set_config_file(file="/etc/audit/auditd.conf",
parameter="overflow_action",
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/ansible/shared.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/ansible/shared.yml
index 2d6c5227a8..bbd27a0061 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/ansible/shared.yml
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/ansible/shared.yml
@@ -1,4 +1,8 @@
# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
+# reboot = false
+# strategy = configure
+# complexity = low
+# disruption = low
{{{ ansible_set_config_file(file="/etc/rsyslog.d/encrypt.conf",
parameter="\$ActionSendStreamDriverMode", value="1", create=true, separator=" ", separator_regex=" ")
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/ansible/shared.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/ansible/shared.yml
index 2ddbfb871f..b215daaef4 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/ansible/shared.yml
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/ansible/shared.yml
@@ -1,4 +1,8 @@
# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
+# reboot = false
+# strategy = configure
+# complexity = low
+# disruption = low
{{{ ansible_set_config_file(file="/etc/rsyslog.d/encrypt.conf",
parameter="\$DefaultNetstreamDriver", value="gtls", create=true, separator=" ", separator_regex=" ")