Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add restart-auditd handler after configuration change #427

Merged
merged 5 commits into from
Mar 29, 2021
Merged

add restart-auditd handler after configuration change #427

merged 5 commits into from
Mar 29, 2021

Conversation

rndmh3ro
Copy link
Member

@rndmh3ro rndmh3ro commented Mar 19, 2021
edited by schurzi
Loading

(e.g. of os_auditd_max_log_file_action) you need to restart. Sadly on rhel7 systems you cannot use systemd. And as debian derivates use service as alias and it works I kept it that simple. also adding 'auditd'-tag to make it easy only run that config change if needed.

Signed-off-by: Felix Herzog snoopotic@gmail.com

This is a copy of PR #260, because the other one was too hard to rebase.

@snoopotic
add restart-auditd handler as after configuration change (e.g. of os_…
eca93cc 
…auditd_max_log_file_action) you need to restart. Sadly on rhel7 systems you cannot use systemd. And as debian derivates use service as alias and it works I kept it that simple. also adding 'auditd'-tag to make it easy only run that config change if needed.

Signed-off-by: Felix Herzog <snoopotic@gmail.com>
@rndmh3ro rndmh3ro requested a review from schurzi March 19, 2021 13:44
@rndmh3ro rndmh3ro mentioned this pull request Mar 19, 2021
Closed
fix linting
390f7ad 
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
@schurzi schurzi changed the title add restart-auditd handler as after configuration change (e.g. of os_… add restart-auditd handler after configuration change Mar 21, 2021
@schurzi
Copy link
Contributor

schurzi commented Mar 21, 2021

Trying to restart Audit breaks our CI, because Auditd can not be started inside a container. Maybe exclude Audit from CI configuration?

Messages from Logfile:

-- Subject: Unit auditd.service has begun start-up
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit auditd.service has begun starting up.
Mar 21 13:53:01 27d95dece8d6 auditd[2297]: The disp_qos option is deprecated - line 13
Mar 21 13:53:01 27d95dece8d6 auditd[2297]: The dispatcher option is deprecated - line 14
Mar 21 13:53:01 27d95dece8d6 auditd[2297]: Cannot change priority (Operation not permitted)
Mar 21 13:53:01 27d95dece8d6 auditd[2297]: The audit daemon is exiting.
Mar 21 13:53:01 27d95dece8d6 systemd[1]: auditd.service: Control process exited, code=exited status=1
Mar 21 13:53:01 27d95dece8d6 systemd[1]: auditd.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- The unit auditd.service has entered the 'failed' state with result 'exit-code'.
Mar 21 13:53:01 27d95dece8d6 systemd[1]: Failed to start Security Auditing Service.
-- Subject: Unit auditd.service has failed
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit auditd.service has failed.
--
-- The result is failed.
Mar 21 13:56:07 27d95dece8d6 systemd[1]: Starting Security Auditing Service...
-- Subject: Unit auditd.service has begun start-up
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit auditd.service has begun starting up.
Mar 21 13:56:07 27d95dece8d6 auditd[2333]: The disp_qos option is deprecated - line 13
Mar 21 13:56:07 27d95dece8d6 auditd[2333]: The dispatcher option is deprecated - line 14
Mar 21 13:56:07 27d95dece8d6 auditd[2334]: Error - audit support not in kernel
Mar 21 13:56:07 27d95dece8d6 auditd[2334]: Cannot open netlink audit socket
Mar 21 13:56:07 27d95dece8d6 auditd[2334]: The audit daemon is exiting.
Mar 21 13:56:07 27d95dece8d6 auditd[2333]: Cannot daemonize (Success)
Mar 21 13:56:07 27d95dece8d6 auditd[2333]: The audit daemon is exiting.
Mar 21 13:56:07 27d95dece8d6 systemd[1]: auditd.service: Control process exited, code=exited status=1
Mar 21 13:56:07 27d95dece8d6 systemd[1]: auditd.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- The unit auditd.service has entered the 'failed' state with result 'exit-code'.
Mar 21 13:56:07 27d95dece8d6 systemd[1]: Failed to start Security Auditing Service.
-- Subject: Unit auditd.service has failed
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit auditd.service has failed.
--
-- The result is failed.

skip auditd restart in molecule tests
ae68f73 
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
@schurzi schurzi added the patch label Mar 29, 2021
Sebastian Gumprich added 2 commits March 29, 2021 10:00
skip auditd restart in molecule tests
812c6c5 
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
use cinc exec supermarket instead of github
458dfa2 
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
@schurzi schurzi merged commit 2882a15 into master Mar 29, 2021
@schurzi schurzi deleted the snoopotic-fix/add_auditd_restart_handler branch March 29, 2021 19:15
divialth pushed a commit to divialth/ansible-collection-hardening that referenced this pull request Aug 3, 2022
@schurzi
Merge pull request dev-sec#427 from dev-sec/snoopotic-fix/add_auditd_…
cd07ed1 
…restart_handler

add restart-auditd handler after configuration change
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@schurzi schurzi Awaiting requested review from schurzi

Assignees
No one assigned
Labels
mysql_hardening nginx_hardening os_hardening patch ssh_hardening
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rndmh3ro @schurzi @snoopotic