From 439cd3d776998f601daa80a737ab9e5380d1ab73 Mon Sep 17 00:00:00 2001
From: Major Hayden
Date: Tue, 6 Dec 2016 08:32:38 -0600
Subject: [PATCH] Enable/start auditd [+Docs]

This patch adds a task to start auditd and ensure it starts at boot-up. Documentation is included.

Implements: blueprint security-rhel7-stig
Change-Id: I16e4788268ef862e7cfb5bce4fbc43808be3e9c6
---
 doc/metadata/rhel7/RHEL-07-030010.rst | 7 ++++---
 tasks/rhel7stig/auditd.yml | 12 ++++++++++++
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/doc/metadata/rhel7/RHEL-07-030010.rst b/doc/metadata/rhel7/RHEL-07-030010.rst
index a2ba0cbd..27973ff3 100644
--- a/doc/metadata/rhel7/RHEL-07-030010.rst
+++ b/doc/metadata/rhel7/RHEL-07-030010.rst
@@ -1,7 +1,8 @@
 ---
 id: RHEL-07-030010
-status: not implemented
-tag: misc
+status: implemented
+tag: auditd
 ---
 
-This STIG requirement is not yet implemented.
+The tasks in the security role start the audit daemon immediately and ensure
+that it starts at boot time.
diff --git a/tasks/rhel7stig/auditd.yml b/tasks/rhel7stig/auditd.yml
index 62a90fd4..157708dd 100644
--- a/tasks/rhel7stig/auditd.yml
+++ b/tasks/rhel7stig/auditd.yml
@@ -134,3 +134,15 @@
 - RHEL-07-030674
 - RHEL-07-030710
 - RHEL-07-030090
+
+- name: Ensure auditd is running and enabled at boot time
+ service:
+ name: auditd
+ state: started
+ enabled: yes
+ when:
+ - auditd_conf.stat.exists
+ tags:
+ - high
+ - auditd
+ - RHEL-07-030010
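Review bot: The `when: - auditd_conf.stat.exists` guard on the new task in tasks/rhel7stig/auditd.yml means a host where that check is false skips the task without any message, so RHEL-07-030010 is documented as implemented while no audit daemon is started or enabled there. `auditd_conf` is registered outside this hunk, so I am assuming it is a `stat` of the auditd configuration file; if that is right, the skip hits exactly the hosts that lack the audit package. I would add a comment above the task, `# Skipped when the auditd configuration file is absent; such hosts run no audit daemon until the audit package is installed`, and state the same condition in RHEL-07-030010.rst, which currently says the daemon is started unconditionally.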