Merge pull request #427 from dev-sec/snoopotic-fix/add_auditd_restart_handler

add restart-auditd handler after configuration change
2024-11-10 09:14:18 +00:00 · 2021-03-29 21:15:46 +02:00 · 2021-03-29 21:15:46 +02:00 · 2882a15ee1
commit 2882a15ee1
parent d1d12ca6d7 458dfa2b6a
6 changed files with 13 additions and 4 deletions
--- a/molecule/mysql_hardening/verify.yml
+++ b/molecule/mysql_hardening/verify.yml
@ -44,7 +44,7 @@
      shell: "bash /tmp/install.sh -s -- -P cinc-auditor -v 4"
    - name: Execute cinc-auditor tests
-      command: "/opt/cinc-auditor/bin/cinc-auditor exec --no-show-progress --no-color --no-distinct-exit https://github.com/dev-sec/mysql-baseline.git"
+      command: "/opt/cinc-auditor/bin/cinc-auditor exec --no-show-progress --no-color --no-distinct-exit supermarket://dev-sec/mysql-baseline"
      register: test_results
      changed_when: false
      ignore_errors: true
--- a/molecule/nginx_hardening/verify.yml
+++ b/molecule/nginx_hardening/verify.yml
@ -47,7 +47,7 @@
      shell: "bash /tmp/install.sh -s -- -P cinc-auditor -v 4"
    - name: Execute cinc-auditor tests
-      command: "/opt/cinc-auditor/bin/cinc-auditor exec --no-show-progress --no-color --no-distinct-exit https://github.com/dev-sec/nginx-baseline.git"
+      command: "/opt/cinc-auditor/bin/cinc-auditor exec --no-show-progress --no-color --no-distinct-exit supermarket://dev-sec/nginx-baseline"
      register: test_results
      changed_when: false
      ignore_errors: true
--- a/molecule/os_hardening/verify.yml
+++ b/molecule/os_hardening/verify.yml
@ -51,7 +51,7 @@
      shell: "bash /tmp/install.sh -s -- -P cinc-auditor -v 4"
    - name: Execute cinc-auditor tests
-      command: "/opt/cinc-auditor/bin/cinc-auditor exec --no-show-progress --no-color --no-distinct-exit https://github.com/dev-sec/linux-baseline.git"
+      command: "/opt/cinc-auditor/bin/cinc-auditor exec --no-show-progress --no-color --no-distinct-exit supermarket://dev-sec/linux-baseline"
      register: test_results
      changed_when: false
      ignore_errors: true
--- a/molecule/ssh_hardening/verify.yml
+++ b/molecule/ssh_hardening/verify.yml
@ -42,7 +42,7 @@
      shell: "bash /tmp/install.sh -s -- -P cinc-auditor -v 4"
    - name: Execute cinc-auditor tests
-      command: "/opt/cinc-auditor/bin/cinc-auditor exec --no-show-progress --no-color --no-distinct-exit https://github.com/dev-sec/ssh-baseline.git"
+      command: "/opt/cinc-auditor/bin/cinc-auditor exec --no-show-progress --no-color --no-distinct-exit supermarket://dev-sec/nginx-baseline"
      register: test_results
      changed_when: false
      ignore_errors: true
--- a/roles/os_hardening/handlers/main.yml
+++ b/roles/os_hardening/handlers/main.yml
@ -1,3 +1,9 @@
 ---
 - name: Update-initramfs
  command: 'update-initramfs -u'
 - name: restart-auditd
  command:
    cmd: 'service auditd restart'  # rhel: see: https://access.redhat.com/solutions/2664811
    warn: false  # sadly 'service' module fails in that case also by using 'use: service'
  when: molecule_yml is not defined  # restarting auditd in a container does not work
--- a/roles/os_hardening/tasks/auditd.yml
+++ b/roles/os_hardening/tasks/auditd.yml
@ -3,6 +3,7 @@
  package:
    name: '{{ auditd_package }}'
    state: 'present'
  tags: auditd
 - name: Configure auditd | package-08
  template:
@ -11,3 +12,5 @@
    owner: 'root'
    group: 'root'
    mode: '0640'
  notify: 'restart-auditd'
  tags: auditd