Make action_mail_acct configurable in auditd (#631)

Signed-off-by: Nejc Habjan <nejc.habjan@siemens.com>

roles/os_hardening/README.md

@@ -333,6 +333,9 @@ We know that this is the case on Raspberry Pi.
 - `os_auditd_space_left_action`
   - Default: SYSLOG
   - Description: This parameter tells the system what action to take when the system has detected that it is starting to get low on disk space.
+- `os_auditd_action_mail_acct`
+  - Default: root
+  - Description: If `space_left_action` or `admin_space_left_action` are set to `email`, uses the address or alias to send the email using `/usr/lib/sendmail`. If the address or alias is not local, requires email properly configured on the machine and network.
 - `os_auditd_log_format`
   - Default: `RAW`
   - Description: The log format describes how the information should be stored on disk. There are 2 options: raw and enriched. If set to `RAW`, the audit records will be stored in a format exactly as the kernel sends it. The `ENRICHED` option will resolve all uid, gid, syscall, architecture, and socket address information before writing the event to disk. This aids in making sense of events created on one system but reported/analyzed on another system.

roles/os_hardening/defaults/main.yml

@@ -341,6 +341,7 @@ os_auditd_space_left_action: SYSLOG
 os_auditd_admin_space_left_action: SUSPEND
 os_auditd_disk_full_action: SUSPEND
 os_auditd_disk_error_action: SUSPEND
+os_auditd_action_mail_acct: root
 os_auditd_log_group: root
 os_auditd_num_logs: 5
 

roles/os_hardening/templates/etc/audit/auditd.conf.j2

@@ -15,7 +15,7 @@ max_log_file = {{ os_auditd_max_log_file }}
 max_log_file_action = {{ os_auditd_max_log_file_action }}
 space_left = {{ os_auditd_space_left }}
 space_left_action = {{ os_auditd_space_left_action }}
-action_mail_acct = root
+action_mail_acct = {{ os_auditd_action_mail_acct }}
 admin_space_left = {{ os_auditd_admin_space_left }}
 admin_space_left_action = {{ os_auditd_admin_space_left_action }}
 disk_full_action = {{ os_auditd_disk_full_action }}