From 60a820502798b818c3985d6c037a1b4e81a735d3 Mon Sep 17 00:00:00 2001
From: Major Hayden
Date: Mon, 14 Nov 2016 15:24:13 -0600
Subject: [PATCH] [Docs] Refactor auditd rules

This patch adds documentation for: https://review.openstack.org/397334

Implements: blueprint security-rhel7-stig
Change-Id: I5dc47cae51321c35592451030c54b2875c46be45
---
 doc/metadata/rhel7/RHEL-07-030380.rst | 23 ++++++++++++++++++++---
 doc/metadata/rhel7/RHEL-07-030381.rst | 23 ++++++++++++++++++++---
 doc/metadata/rhel7/RHEL-07-030382.rst | 23 ++++++++++++++++++++---
 doc/metadata/rhel7/RHEL-07-030383.rst | 23 ++++++++++++++++++++---
 doc/metadata/rhel7/RHEL-07-030390.rst | 23 ++++++++++++++++++++---
 doc/metadata/rhel7/RHEL-07-030391.rst | 23 ++++++++++++++++++++---
 doc/metadata/rhel7/RHEL-07-030392.rst | 23 ++++++++++++++++++++---
 doc/metadata/rhel7/RHEL-07-030400.rst | 14 +++++++++++---
 doc/metadata/rhel7/RHEL-07-030401.rst | 23 ++++++++++++++++++++---
 doc/metadata/rhel7/RHEL-07-030402.rst | 23 ++++++++++++++++++++---
 doc/metadata/rhel7/RHEL-07-030403.rst | 14 +++++++++++---
 doc/metadata/rhel7/RHEL-07-030404.rst | 23 ++++++++++++++++++++---
 doc/metadata/rhel7/RHEL-07-030405.rst | 23 ++++++++++++++++++++---
 doc/metadata/rhel7/RHEL-07-030420.rst | 14 +++++++++++---
 doc/metadata/rhel7/RHEL-07-030421.rst | 14 +++++++++++---
 doc/metadata/rhel7/RHEL-07-030422.rst | 14 +++++++++++---
 doc/metadata/rhel7/RHEL-07-030423.rst | 14 +++++++++++---
 doc/metadata/rhel7/RHEL-07-030424.rst | 14 +++++++++++---
 doc/metadata/rhel7/RHEL-07-030425.rst | 14 +++++++++++---
 doc/metadata/rhel7/RHEL-07-030441.rst | 12 +++++++++---
 doc/metadata/rhel7/RHEL-07-030442.rst | 12 +++++++++---
 doc/metadata/rhel7/RHEL-07-030443.rst | 13 ++++++++++---
 doc/metadata/rhel7/RHEL-07-030444.rst | 13 ++++++++++---
 doc/metadata/rhel7/RHEL-07-030490.rst |  7 ++++++-
 doc/metadata/rhel7/RHEL-07-030670.rst |  5 ++---
 doc/metadata/rhel7/RHEL-07-030671.rst |  5 ++---
 doc/metadata/rhel7/RHEL-07-030750.rst |  5 ++---
 doc/metadata/rhel7/RHEL-07-030751.rst |  5 ++---
 doc/metadata/rhel7/RHEL-07-030752.rst |  5 ++---
 29 files
changed, 362 insertions(+), 85 deletions(-) diff --git a/doc/metadata/rhel7/RHEL-07-030380.rst b/doc/metadata/rhel7/RHEL-07-030380.rst index bc34ec10..3cb7c321 100644 --- a/doc/metadata/rhel7/RHEL-07-030380.rst +++ b/doc/metadata/rhel7/RHEL-07-030380.rst @@ -1,7 +1,24 @@ --- id: RHEL-07-030380 -status: not implemented -tag: misc +status: opt-in +tag: auditd --- -This STIG requirement is not yet implemented. +The STIG requires that all ``chown`` syscalls are audited, but this +change creates a significant increase in logging on most systems. This increase +can cause some systems to run out of disk space for logs. + +.. warning:: + + This rule is disabled by default to avoid high CPU usage and disk space + exhaustion. Deployers should only enable this rule if they have tested it + thoroughly in a non-production environment with system health monitoring + enabled. + +Deployers can opt in for this change by setting the following Ansible variable: + +.. code-block:: yaml + + security_rhel7_audit_chown: yes + +This rule is compatible with x86, x86_64, and ppc64 architectures. diff --git a/doc/metadata/rhel7/RHEL-07-030381.rst b/doc/metadata/rhel7/RHEL-07-030381.rst index 636f019b..5b56e990 100644 --- a/doc/metadata/rhel7/RHEL-07-030381.rst +++ b/doc/metadata/rhel7/RHEL-07-030381.rst 
@@ -1,7 +1,24 @@ --- id: RHEL-07-030381 -status: not implemented -tag: misc +status: opt-in +tag: auditd --- -This STIG requirement is not yet implemented. +The STIG requires that all ``fchown`` syscalls are audited, but this +change creates a significant increase in logging on most systems. This increase +can cause some systems to run out of disk space for logs. + +.. warning:: + + This rule is disabled by default to avoid high CPU usage and disk space + exhaustion. Deployers should only enable this rule if they have tested it + thoroughly in a non-production environment with system health monitoring + enabled. + +Deployers can opt in for this change by setting the following Ansible variable: + +.. code-block:: yaml + + security_rhel7_audit_fchown: yes + +This rule is compatible with x86, x86_64, and ppc64 architectures. diff --git a/doc/metadata/rhel7/RHEL-07-030382.rst b/doc/metadata/rhel7/RHEL-07-030382.rst index 26f94a6c..56bf6468 100644 --- a/doc/metadata/rhel7/RHEL-07-030382.rst +++ b/doc/metadata/rhel7/RHEL-07-030382.rst @@ -1,7 +1,24 @@ --- id: RHEL-07-030382 -status: not implemented -tag: misc +status: opt-in +tag: auditd --- -This STIG requirement is not yet implemented. +The STIG requires that all ``lchown`` syscalls are audited, but this change +creates a significant increase in logging on most systems. This increase can +cause some systems to run out of disk space for logs. + +.. warning:: + + This rule is disabled by default to avoid high CPU usage and disk space + exhaustion. Deployers should only enable this rule if they have tested it + thoroughly in a non-production environment with system health monitoring + enabled. + +Deployers can opt in for this change by setting the following Ansible variable: + +.. code-block:: yaml + + security_rhel7_audit_lchown: yes + +This rule is compatible with x86, x86_64, and ppc64 architectures. 
diff --git a/doc/metadata/rhel7/RHEL-07-030383.rst b/doc/metadata/rhel7/RHEL-07-030383.rst index 1a68dd6d..1804e953 100644 --- a/doc/metadata/rhel7/RHEL-07-030383.rst +++ b/doc/metadata/rhel7/RHEL-07-030383.rst @@ -1,7 +1,24 @@ --- id: RHEL-07-030383 -status: not implemented -tag: misc +status: opt-in +tag: auditd --- -This STIG requirement is not yet implemented. +The STIG requires that all ``fchownat`` syscalls are audited, but this +change creates a significant increase in logging on most systems. This increase +can cause some systems to run out of disk space for logs. + +.. warning:: + + This rule is disabled by default to avoid high CPU usage and disk space + exhaustion. Deployers should only enable this rule if they have tested it + thoroughly in a non-production environment with system health monitoring + enabled. + +Deployers can opt in for this change by setting the following Ansible variable: + +.. code-block:: yaml + + security_rhel7_audit_fchownat: yes + +This rule is compatible with x86, x86_64, and ppc64 architectures. diff --git a/doc/metadata/rhel7/RHEL-07-030390.rst b/doc/metadata/rhel7/RHEL-07-030390.rst index f5b5f109..363fbbde 100644 --- a/doc/metadata/rhel7/RHEL-07-030390.rst +++ b/doc/metadata/rhel7/RHEL-07-030390.rst 
@@ -1,7 +1,24 @@ --- id: RHEL-07-030390 -status: not implemented -tag: misc +status: opt-in +tag: auditd --- -This STIG requirement is not yet implemented. +The STIG requires that all ``chmod`` syscalls are audited, but this +change creates a significant increase in logging on most systems. This increase +can cause some systems to run out of disk space for logs. + +.. warning:: + + This rule is disabled by default to avoid high CPU usage and disk space + exhaustion. Deployers should only enable this rule if they have tested it + thoroughly in a non-production environment with system health monitoring + enabled. + +Deployers can opt in for this change by setting the following Ansible variable: + +.. code-block:: yaml + + security_rhel7_audit_chmod: yes + +This rule is compatible with x86, x86_64, and ppc64 architectures. diff --git a/doc/metadata/rhel7/RHEL-07-030391.rst b/doc/metadata/rhel7/RHEL-07-030391.rst index f96f7c36..5486e994 100644 --- a/doc/metadata/rhel7/RHEL-07-030391.rst +++ b/doc/metadata/rhel7/RHEL-07-030391.rst @@ -1,7 +1,24 @@ --- id: RHEL-07-030391 -status: not implemented -tag: misc +status: opt-in +tag: auditd --- -This STIG requirement is not yet implemented. +The STIG requires that all ``fchmod`` syscalls are audited, but this +change creates a significant increase in logging on most systems. This increase +can cause some systems to run out of disk space for logs. + +.. warning:: + + This rule is disabled by default to avoid high CPU usage and disk space + exhaustion. Deployers should only enable this rule if they have tested it + thoroughly in a non-production environment with system health monitoring + enabled. + +Deployers can opt in for this change by setting the following Ansible variable: + +.. code-block:: yaml + + security_rhel7_audit_fchmod: yes + +This rule is compatible with x86, x86_64, and ppc64 architectures. diff --git a/doc/metadata/rhel7/RHEL-07-030392.rst b/doc/metadata/rhel7/RHEL-07-030392.rst index c1272837..e1eec800 100644 
--- a/doc/metadata/rhel7/RHEL-07-030392.rst +++ b/doc/metadata/rhel7/RHEL-07-030392.rst @@ -1,7 +1,24 @@ --- id: RHEL-07-030392 -status: not implemented -tag: misc +status: opt-in +tag: auditd --- -This STIG requirement is not yet implemented. +The STIG requires that all ``fchmodat`` syscalls are audited, but this +change creates a significant increase in logging on most systems. This increase +can cause some systems to run out of disk space for logs. + +.. warning:: + + This rule is disabled by default to avoid high CPU usage and disk space + exhaustion. Deployers should only enable this rule if they have tested it + thoroughly in a non-production environment with system health monitoring + enabled. + +Deployers can opt in for this change by setting the following Ansible variable: + +.. code-block:: yaml + + security_rhel7_audit_fchmodat: yes + +This rule is compatible with x86, x86_64, and ppc64 architectures. diff --git a/doc/metadata/rhel7/RHEL-07-030400.rst b/doc/metadata/rhel7/RHEL-07-030400.rst index 6119e8a9..80493bc3 100644 --- a/doc/metadata/rhel7/RHEL-07-030400.rst +++ b/doc/metadata/rhel7/RHEL-07-030400.rst @@ -1,7 +1,15 @@ --- id: RHEL-07-030400 -status: not implemented -tag: misc +status: implemented +tag: auditd --- -This STIG requirement is not yet implemented. +Rules are added to audit all ``setxattr`` syscalls on the system. + +Deployers can opt out of this change by setting an Ansible variable: + +.. code-block:: yaml + + security_rhel7_audit_setxattr: no + +This rule is compatible with x86, x86_64, and ppc64 architectures. diff --git a/doc/metadata/rhel7/RHEL-07-030401.rst b/doc/metadata/rhel7/RHEL-07-030401.rst index 36e0df1a..bff71f37 100644 --- a/doc/metadata/rhel7/RHEL-07-030401.rst +++ b/doc/metadata/rhel7/RHEL-07-030401.rst 
@@ -1,7 +1,24 @@ --- id: RHEL-07-030401 -status: not implemented -tag: misc +status: opt-in +tag: auditd --- -This STIG requirement is not yet implemented. +The STIG requires that all ``fsetxattr`` syscalls are audited, but this +change creates a significant increase in logging on most systems. This increase +can cause some systems to run out of disk space for logs. + +.. warning:: + + This rule is disabled by default to avoid high CPU usage and disk space + exhaustion. Deployers should only enable this rule if they have tested it + thoroughly in a non-production environment with system health monitoring + enabled. + +Deployers can opt in for this change by setting the following Ansible variable: + +.. code-block:: yaml + + security_rhel7_audit_fsetxattr: yes + +This rule is compatible with x86, x86_64, and ppc64 architectures. diff --git a/doc/metadata/rhel7/RHEL-07-030402.rst b/doc/metadata/rhel7/RHEL-07-030402.rst index eeaf8bd3..f7bf838d 100644 --- a/doc/metadata/rhel7/RHEL-07-030402.rst +++ b/doc/metadata/rhel7/RHEL-07-030402.rst @@ -1,7 +1,24 @@ --- id: RHEL-07-030402 -status: not implemented -tag: misc +status: opt-in +tag: auditd --- -This STIG requirement is not yet implemented. +The STIG requires that all ``lsetxattr`` syscalls are audited, but this change +creates a significant increase in logging on most systems. This increase can +cause some systems to run out of disk space for logs. + +.. warning:: + + This rule is disabled by default to avoid high CPU usage and disk space + exhaustion. Deployers should only enable this rule if they have tested it + thoroughly in a non-production environment with system health monitoring + enabled. + +Deployers can opt in for this change by setting the following Ansible variable: + +.. code-block:: yaml + + security_rhel7_audit_lsetxattr: no + +This rule is compatible with x86, x86_64, and ppc64 architectures. 
diff --git a/doc/metadata/rhel7/RHEL-07-030403.rst b/doc/metadata/rhel7/RHEL-07-030403.rst index e1644a01..2db10ab4 100644 --- a/doc/metadata/rhel7/RHEL-07-030403.rst +++ b/doc/metadata/rhel7/RHEL-07-030403.rst @@ -1,7 +1,15 @@ --- id: RHEL-07-030403 -status: not implemented -tag: misc +status: implemented +tag: auditd --- -This STIG requirement is not yet implemented. +Rules are added to audit all ``removexattr`` syscalls on the system. + +Deployers can opt out of this change by setting an Ansible variable: + +.. code-block:: yaml + + security_rhel7_audit_removexattr: no + +This rule is compatible with x86, x86_64, and ppc64 architectures. diff --git a/doc/metadata/rhel7/RHEL-07-030404.rst b/doc/metadata/rhel7/RHEL-07-030404.rst index 2ab73368..a8429004 100644 --- a/doc/metadata/rhel7/RHEL-07-030404.rst +++ b/doc/metadata/rhel7/RHEL-07-030404.rst @@ -1,7 +1,24 @@ --- id: RHEL-07-030404 -status: not implemented -tag: misc +status: opt-in +tag: auditd --- -This STIG requirement is not yet implemented. +The STIG requires that all ``fremovexattr`` syscalls are audited, but this +change creates a significant increase in logging on most systems. This increase +can cause some systems to run out of disk space for logs. + +.. warning:: + + This rule is disabled by default to avoid high CPU usage and disk space + exhaustion. Deployers should only enable this rule if they have tested it + thoroughly in a non-production environment with system health monitoring + enabled. + +Deployers can opt in for this change by setting the following Ansible variable: + +.. code-block:: yaml + + security_rhel7_audit_fremovexattr: yes + +This rule is compatible with x86, x86_64, and ppc64 architectures. diff --git a/doc/metadata/rhel7/RHEL-07-030405.rst b/doc/metadata/rhel7/RHEL-07-030405.rst index c0821ba3..f429a43e 100644 --- a/doc/metadata/rhel7/RHEL-07-030405.rst +++ b/doc/metadata/rhel7/RHEL-07-030405.rst 
@@ -1,7 +1,24 @@ --- id: RHEL-07-030405 -status: not implemented -tag: misc +status: opt-in +tag: auditd --- -This STIG requirement is not yet implemented. +The STIG requires that all ``lremovexattr`` syscalls are audited, but this +change creates a significant increase in logging on most systems. This increase +can cause some systems to run out of disk space for logs. + +.. warning:: + + This rule is disabled by default to avoid high CPU usage and disk space + exhaustion. Deployers should only enable this rule if they have tested it + thoroughly in a non-production environment with system health monitoring + enabled. + +Deployers can opt in for this change by setting the following Ansible variable: + +.. code-block:: yaml + + security_rhel7_audit_lremovexattr: yes + +This rule is compatible with x86, x86_64, and ppc64 architectures. diff --git a/doc/metadata/rhel7/RHEL-07-030420.rst b/doc/metadata/rhel7/RHEL-07-030420.rst index 4ad79533..c3bf5c7a 100644 --- a/doc/metadata/rhel7/RHEL-07-030420.rst +++ b/doc/metadata/rhel7/RHEL-07-030420.rst @@ -1,7 +1,15 @@ --- id: RHEL-07-030420 -status: not implemented -tag: misc +status: implemented +tag: auditd --- -This STIG requirement is not yet implemented. +Rules are added to audit all ``creat`` syscalls on the system. + +Deployers can opt out of this change by setting an Ansible variable: + +.. code-block:: yaml + + security_rhel7_audit_creat: no + +This rule is compatible with x86, x86_64, and ppc64 architectures. diff --git a/doc/metadata/rhel7/RHEL-07-030421.rst b/doc/metadata/rhel7/RHEL-07-030421.rst index a464c431..74d61220 100644 --- a/doc/metadata/rhel7/RHEL-07-030421.rst +++ b/doc/metadata/rhel7/RHEL-07-030421.rst 
@@ -1,7 +1,15 @@ --- id: RHEL-07-030421 -status: not implemented -tag: misc +status: implemented +tag: auditd --- -This STIG requirement is not yet implemented. +Rules are added to audit all ``open`` syscalls on the system. + +Deployers can opt out of this change by setting an Ansible variable: + +.. code-block:: yaml + + security_rhel7_audit_open: no + +This rule is compatible with x86, x86_64, and ppc64 architectures. diff --git a/doc/metadata/rhel7/RHEL-07-030422.rst b/doc/metadata/rhel7/RHEL-07-030422.rst index be9d9843..42943ef7 100644 --- a/doc/metadata/rhel7/RHEL-07-030422.rst +++ b/doc/metadata/rhel7/RHEL-07-030422.rst @@ -1,7 +1,15 @@ --- id: RHEL-07-030422 -status: not implemented -tag: misc +status: implemented +tag: auditd --- -This STIG requirement is not yet implemented. +Rules are added to audit all ``openat`` syscalls on the system. + +Deployers can opt out of this change by setting an Ansible variable: + +.. code-block:: yaml + + security_rhel7_audit_openat: no + +This rule is compatible with x86, x86_64, and ppc64 architectures. diff --git a/doc/metadata/rhel7/RHEL-07-030423.rst b/doc/metadata/rhel7/RHEL-07-030423.rst index 8f0447b0..6795d9c8 100644 --- a/doc/metadata/rhel7/RHEL-07-030423.rst +++ b/doc/metadata/rhel7/RHEL-07-030423.rst @@ -1,7 +1,15 @@ --- id: RHEL-07-030423 -status: not implemented -tag: misc +status: implemented +tag: auditd --- -This STIG requirement is not yet implemented. +Rules are added to audit all ``open_by_handle_at`` syscalls on the system. + +Deployers can opt out of this change by setting an Ansible variable: + +.. code-block:: yaml + + security_rhel7_audit_open_by_handle_at: no + +This rule is compatible with x86, x86_64, and ppc64 architectures. diff --git a/doc/metadata/rhel7/RHEL-07-030424.rst b/doc/metadata/rhel7/RHEL-07-030424.rst index f3b121b2..dd325386 100644 --- a/doc/metadata/rhel7/RHEL-07-030424.rst +++ b/doc/metadata/rhel7/RHEL-07-030424.rst 
@@ -1,7 +1,15 @@ --- id: RHEL-07-030424 -status: not implemented -tag: misc +status: implemented +tag: auditd --- -This STIG requirement is not yet implemented. +Rules are added to audit all ``truncate`` syscalls on the system. + +Deployers can opt out of this change by setting an Ansible variable: + +.. code-block:: yaml + + security_rhel7_audit_truncate: no + +This rule is compatible with x86, x86_64, and ppc64 architectures. diff --git a/doc/metadata/rhel7/RHEL-07-030425.rst b/doc/metadata/rhel7/RHEL-07-030425.rst index d0c199cc..9d9e7698 100644 --- a/doc/metadata/rhel7/RHEL-07-030425.rst +++ b/doc/metadata/rhel7/RHEL-07-030425.rst @@ -1,7 +1,15 @@ --- id: RHEL-07-030425 -status: not implemented -tag: misc +status: implemented +tag: auditd --- -This STIG requirement is not yet implemented. +Rules are added to audit all ``ftruncate`` syscalls on the system. + +Deployers can opt out of this change by setting an Ansible variable: + +.. code-block:: yaml + + security_rhel7_audit_ftruncate: no + +This rule is compatible with x86, x86_64, and ppc64 architectures. diff --git a/doc/metadata/rhel7/RHEL-07-030441.rst b/doc/metadata/rhel7/RHEL-07-030441.rst index 1e870423..98aa0e48 100644 --- a/doc/metadata/rhel7/RHEL-07-030441.rst +++ b/doc/metadata/rhel7/RHEL-07-030441.rst @@ -1,7 +1,13 @@ --- id: RHEL-07-030441 -status: not implemented -tag: misc +status: implemented +tag: auditd --- -This STIG requirement is not yet implemented. +Rules are added to audit any time the the ``semanage`` command is used. + +Deployers can opt out of this change by setting an Ansible variable: + +.. code-block:: yaml + + security_rhel7_audit_semanage: no diff --git a/doc/metadata/rhel7/RHEL-07-030442.rst b/doc/metadata/rhel7/RHEL-07-030442.rst index e5ae37a4..6fa95290 100644 --- a/doc/metadata/rhel7/RHEL-07-030442.rst +++ b/doc/metadata/rhel7/RHEL-07-030442.rst 
@@ -1,7 +1,13 @@ --- id: RHEL-07-030442 -status: not implemented -tag: misc +status: implemented +tag: auditd --- -This STIG requirement is not yet implemented. +Rules are added to audit any time the the ``setsebool`` command is used. + +Deployers can opt out of this change by setting an Ansible variable: + +.. code-block:: yaml + + security_rhel7_audit_setsebool: no diff --git a/doc/metadata/rhel7/RHEL-07-030443.rst b/doc/metadata/rhel7/RHEL-07-030443.rst index 26b78941..91c61500 100644 --- a/doc/metadata/rhel7/RHEL-07-030443.rst +++ b/doc/metadata/rhel7/RHEL-07-030443.rst @@ -1,7 +1,14 @@ --- id: RHEL-07-030443 -status: not implemented -tag: misc +status: implemented +tag: auditd --- -This STIG requirement is not yet implemented. +The tasks add a rule to auditd that logs each time the ``chcon`` command +is used. + +Deployers can opt-out of this change by setting an Ansible variable: + +.. code-block:: yaml + + security_rhel7_audit_chcon: no diff --git a/doc/metadata/rhel7/RHEL-07-030444.rst b/doc/metadata/rhel7/RHEL-07-030444.rst index c5c62aac..ce903b90 100644 --- a/doc/metadata/rhel7/RHEL-07-030444.rst +++ b/doc/metadata/rhel7/RHEL-07-030444.rst @@ -1,7 +1,14 @@ --- id: RHEL-07-030444 -status: not implemented -tag: misc +status: implemented +tag: auditd --- -This STIG requirement is not yet implemented. +The tasks add a rule to auditd that logs each time the ``restorecon`` command +is used. + +Deployers can opt-out of this change by setting an Ansible variable: + +.. code-block:: yaml + + security_rhel7_audit_restorecon: no diff --git a/doc/metadata/rhel7/RHEL-07-030490.rst b/doc/metadata/rhel7/RHEL-07-030490.rst index 998c1cc2..0b18f081 100644 --- a/doc/metadata/rhel7/RHEL-07-030490.rst +++ b/doc/metadata/rhel7/RHEL-07-030490.rst 
@@ -4,4 +4,9 @@ status: not implemented tag: misc --- -This STIG requirement is not yet implemented. +Rules are added to audit all successful and unsuccessful account access events. +Deployers can opt out of this change by setting the following Ansible variable: + +.. code-block:: yaml + + security_rhel7_audit_account_access: no diff --git a/doc/metadata/rhel7/RHEL-07-030670.rst b/doc/metadata/rhel7/RHEL-07-030670.rst index 4cc9bdb6..2dbd18c0 100644 --- a/doc/metadata/rhel7/RHEL-07-030670.rst +++ b/doc/metadata/rhel7/RHEL-07-030670.rst @@ -4,10 +4,9 @@ status: implemented tag: auditd --- -The tasks add a rule to auditd that logs each time the ``init_module`` command -is used. +Rules are added to audit all ``init_module`` syscalls on the system. -Deployers can opt-out of this change by setting an Ansible variable: +Deployers can opt out of this change by setting an Ansible variable: .. code-block:: yaml diff --git a/doc/metadata/rhel7/RHEL-07-030671.rst b/doc/metadata/rhel7/RHEL-07-030671.rst index c6edfe08..22e6f4b7 100644 --- a/doc/metadata/rhel7/RHEL-07-030671.rst +++ b/doc/metadata/rhel7/RHEL-07-030671.rst @@ -4,10 +4,9 @@ status: implemented tag: auditd --- -The tasks add a rule to auditd that logs each time the ``delete_module`` -command is used. +Rules are added to audit all ``delete_module`` syscalls on the system. -Deployers can opt-out of this change by setting an Ansible variable: +Deployers can opt out of this change by setting an Ansible variable: .. code-block:: yaml diff --git a/doc/metadata/rhel7/RHEL-07-030750.rst b/doc/metadata/rhel7/RHEL-07-030750.rst index 420fba6c..a60306c7 100644 --- a/doc/metadata/rhel7/RHEL-07-030750.rst +++ b/doc/metadata/rhel7/RHEL-07-030750.rst 
@@ -4,10 +4,9 @@ status: implemented tag: auditd --- -The tasks add a rule to auditd that logs each time the ``rename`` command is -used. +Rules are added to audit all ``rename`` syscalls on the system. -Deployers can opt-out of this change by setting an Ansible variable: +Deployers can opt out of this change by setting an Ansible variable: .. code-block:: yaml diff --git a/doc/metadata/rhel7/RHEL-07-030751.rst b/doc/metadata/rhel7/RHEL-07-030751.rst index 29308a5a..b398cb41 100644 --- a/doc/metadata/rhel7/RHEL-07-030751.rst +++ b/doc/metadata/rhel7/RHEL-07-030751.rst @@ -4,10 +4,9 @@ status: implemented tag: auditd --- -The tasks add a rule to auditd that logs each time the ``renameat`` command is -used. +Rules are added to audit all ``renameat`` syscalls on the system. -Deployers can opt-out of this change by setting an Ansible variable: +Deployers can opt out of this change by setting an Ansible variable: .. code-block:: yaml diff --git a/doc/metadata/rhel7/RHEL-07-030752.rst b/doc/metadata/rhel7/RHEL-07-030752.rst index 085021d0..3cbb404f 100644 --- a/doc/metadata/rhel7/RHEL-07-030752.rst +++ b/doc/metadata/rhel7/RHEL-07-030752.rst @@ -4,10 +4,9 @@ status: implemented tag: auditd --- -The tasks add a rule to auditd that logs each time the ``rmdir`` command is -used. +Rules are added to audit all ``rmdir`` syscalls on the system. -Deployers can opt-out of this change by setting an Ansible variable: +Deployers can opt out of this change by setting an Ansible variable: .. code-block:: yaml
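
Review bot: In doc/metadata/rhel7/RHEL-07-030402.rst the example under "Deployers can opt in for this change" sets "security_rhel7_audit_lsetxattr: no", which contradicts both the opt-in wording and the "status: opt-in" header; every other opt-in file in this patch shows "yes". Since the warning in the same hunk says the rule is disabled by default, a deployer who copies the snippet leaves lsetxattr auditing off while believing it was enabled. Change the example to "security_rhel7_audit_lsetxattr: yes".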
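
Review bot: The RHEL-07-030490.rst hunk starts at line 4 and leaves the front matter untouched, so the file still carries "status: not implemented" (visible in the hunk header) and "tag: misc" while the body now documents a working rule and its opt-out variable. Update the metadata to "status: implemented" and "tag: auditd" as the other files in this patch do, otherwise generated status reports will list account access auditing as missing. The added "Deployers can opt out of this change ..." line also follows the first sentence without a blank line, so it renders as part of the same paragraph; add the separator used in the other files.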
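
Review bot: The added first sentence in RHEL-07-030441.rst and RHEL-07-030442.rst has a doubled word: "any time the the ``semanage`` command is used" and "any time the the ``setsebool`` command is used". Drop the duplicate "the" in both files.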
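
Review bot: RHEL-07-030443.rst and RHEL-07-030444.rst add "Deployers can opt-out of this change by setting an Ansible variable:", using the hyphenated verb that the later hunks in this same patch (RHEL-07-030670 through RHEL-07-030752) correct to "opt out". Use "opt out" in these two new files as well so the patch does not introduce the wording it is removing elsewhere.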