---
# Install the Linux audit daemon and the plugin package for its event
# dispatcher; the tasks that follow configure both.
- name: Install auditd
  apt:
    # No `state` is set, so the module default (`present`) applies: the
    # packages are installed when missing and are not upgraded by this task.
    name:
      - auditd
      - audispd-plugins
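# Render the daemon configuration and the event-dispatcher plugin
# configurations from the role's templates into /etc/audit.
- name: Configure auditd and audispd
  template:
    # Each loop item is used twice: as the template name (with ".j2"
    # appended) and as the destination path relative to /etc/audit.
    src: "{{ item }}.j2"
    dest: "/etc/audit/{{ item }}"
    owner: root
    group: root
    # Read-only for root and no access for group/other: these files decide
    # what is logged and where audit events are forwarded.
    mode: 'u=r,g=,o='
  # NOTE(review): the template module does not create parent directories,
  # so /etc/audit/plugins.d must already exist on the target. audit 3.x
  # uses this layout; 2.x releases kept plugin configs under
  # /etc/audisp/plugins.d -- confirm against the supported releases.
  loop:
    - auditd.conf
    - plugins.d/syslog.conf
    - plugins.d/au-remote.conf
    - plugins.d/af_unix.conf
    - plugins.d/audispd-zos-remote.conf
  # The handler is defined outside this file; presumably it restarts the
  # daemon so the new configuration takes effect -- verify in the handlers.
  notify: Restart auditd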
# Render the audit rule set from the role's template into the rules.d
# directory.
- name: Configure auditd rules
  template:
    src: 'rules.d/audit.rules.j2'
    dest: '/etc/audit/rules.d/audit.rules'
    owner: root
    group: root
    # Root read-only: the rule set shows which activity is and is not
    # audited, so it is kept unreadable for other accounts.
    mode: 'u=r,g=,o='
  # The handler is defined outside this file. NOTE(review): if the rendered
  # rules end with `-e 2` (immutable mode), a reload cannot replace the
  # loaded rules until the next reboot -- confirm how the handler and the
  # template deal with that.
  notify: Reload auditd rules
# Make sure the audit daemon is running now and is started again on boot,
# so that auditing is not silently absent after a reboot.
- name: Enable auditd
  systemd:
    name: auditd.service
    state: started
    enabled: true
...