
AUDIT.YML

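---
# Sets auditd to halt the system when the audit log disk is full or
# returns a write error, then restarts auditd if either line changed.
- name: Update auditd.conf and restart auditd service
  hosts: all
  become: yes
  tasks:

    # halt: auditd shuts the system down rather than run without audit logging
    - name: Ensure the line 'disk_full_action = halt' exists in auditd.conf
      lineinfile:
        path: /etc/audit/auditd.conf
        regexp: '^disk_full_action'
        line: 'disk_full_action = halt'
        state: present
      register: disk_full_action_changed

    - name: Ensure the line 'disk_error_action = halt' exists in auditd.conf
      lineinfile:
        path: /etc/audit/auditd.conf
        regexp: '^disk_error_action'
        line: 'disk_error_action = halt'
        state: present
      register: disk_error_action_changed

    # Note: on RHEL-family hosts the auditd unit sets RefuseManualStop=yes, so a
    # systemctl-based restart is refused; there, run 'service auditd restart'
    # through the command module instead.
    - name: Restart the auditd service
      service:
        name: auditd
        state: restarted
      when: disk_full_action_changed.changed or disk_error_action_changed.changed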
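
A verification pass for the two settings this playbook writes, as an added example that is not part of the original post. It reports a missing, duplicated or non-`halt` value; the constructed sample shows the duplicate left behind when an existing line uses different letter case from the playbook's case-sensitive regexp, so `lineinfile` appends instead of replacing. The function names and the sample file content are assumptions made for illustration.

```python
"""Check auditd.conf for the settings the playbook enforces (added example)."""
import sys

# Compared case-insensitively: auditd.conf(5) says names and values are case insensitive.
REQUIRED = {"disk_full_action": "halt", "disk_error_action": "halt"}

def parse_auditd_conf(text):
    """Return {key: [(lineno, value), ...]} for every 'key = value' line."""
    found = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        found.setdefault(key.strip().lower(), []).append((lineno, value.strip().lower()))
    return found

def check(text, required=REQUIRED):
    """Return a list of findings; an empty list means the file is compliant."""
    found = parse_auditd_conf(text)
    findings = []
    for key, want in required.items():
        entries = found.get(key, [])
        if not entries:
            findings.append(f"{key}: missing (expected '{want}')")
        if len(entries) > 1:
            lines = ", ".join(str(n) for n, _ in entries)
            findings.append(f"{key}: set more than once (lines {lines})")
        # Every occurrence must match, so no assumption about which one auditd honours.
        for lineno, value in entries:
            if value != want:
                findings.append(f"{key}: line {lineno} is '{value}', expected '{want}'")
    return findings

# Constructed sample: a mixed-case key that '^disk_full_action' does not match,
# followed by the line lineinfile would then append at the end of the file.
SAMPLE = """\
# constructed auditd.conf fragment
log_file = /var/log/audit/audit.log
Disk_Full_Action = SUSPEND
disk_error_action = halt
disk_full_action = halt
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    problems = check(text)
    print("\n".join(problems) or "compliant")
    sys.exit(1 if problems else 0)
```

Run it with the path to auditd.conf as the only argument; the exit status is non-zero when any finding is reported.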
