f422da8599
Add support for the openSUSE Leap distributions. The security rules are similar to the RedHat and Ubuntu ones. We also replace ansible_os_family with ansible_pkg_mgr since the former does not return consistent results across different SUSE distributions especially on older Ansible versions. Change-Id: I20ffe17039bb641aad70d8123f0b7e7417a42cba
19 lines
689 B
ReStructuredText
19 lines
689 B
ReStructuredText
---
|
|
id: V-72071
|
|
status: implemented
|
|
tag: aide
|
|
---
|
|
|
|
CentOS 7 and Red Hat Enterprise Linux 7 already deploy a very secure AIDE
|
|
configuration that checks access control lists (ACLs) and extended attributes
|
|
by default. No configuration changes are applied on these systems.
|
|
|
|
However, Ubuntu lacks the rules that include ACL and extended attribute checks.
|
|
The tasks in the security role will add a small configuration block at the end
|
|
of the AIDE configuration file to meet the requirements of this STIG, as well
|
|
as V-72069.
|
|
|
|
openSUSE Leap and SUSE Linux Enterprise 12 also lack a rule to check ACLs and
|
|
extended attributes. The default configuration file is adjusted to include those
|
|
as well.
|