1335d0b0df
This patch adds documentation for the audit rule changes found in: https://review.openstack.org/395783 Implements: blueprint security-rhel7-stig Change-Id: I7e30f10fa0a80824cca70c6a4d77488d28573f92
19 lines
366 B
ReStructuredText
19 lines
366 B
ReStructuredText
---
|
|
id: RHEL-07-030560
|
|
status: implemented
|
|
tag: auditd
|
|
---
|
|
|
|
The tasks add a rule to auditd that logs each time the ``pt_chown`` command
|
|
is used.
|
|
|
|
Deployers can opt-out of this change by setting an Ansible variable:
|
|
|
|
.. code-block:: yaml
|
|
|
|
security_rhel7_audit_pt_chown: no
|
|
|
|
.. note::
|
|
|
|
No action is taken on Ubuntu 16.04 because ``pt_chown`` is not available.
|