add restart-auditd handler as after configuration change (e.g. of os_auditd_max_log_file_action) you need to restart. Sadly on rhel7 systems you cannot use systemd. And as debian derivates use service as alias and it works I kept it that simple. also adding 'auditd'-tag to make it easy only run that config change if needed.

Signed-off-by: Felix Herzog <snoopotic@gmail.com>
2024-11-10 09:14:18 +00:00 · 2020-02-13 14:15:32 +01:00 · 2020-02-13 14:15:32 +01:00 · eca93cc80b
commit eca93cc80b
parent 9614273653
2 changed files with 8 additions and 0 deletions
--- a/roles/os_hardening/handlers/main.yml
+++ b/roles/os_hardening/handlers/main.yml
@ -1,3 +1,8 @@
 ---
 - name: update-initramfs
  command: 'update-initramfs -u'
+
+- name: restart-auditd
+  command:
+    cmd: 'service auditd restart' # rhel: see: https://access.redhat.com/solutions/2664811
+    warn: no # sadly 'service' module fails in that case also by using 'use: service'
--- a/roles/os_hardening/tasks/auditd.yml
+++ b/roles/os_hardening/tasks/auditd.yml
@ -3,6 +3,7 @@
  package:
    name: '{{ auditd_package }}'
    state: 'present'
+  tags: auditd

 - name: configure auditd | package-08
  template:
@ -11,3 +12,5 @@
    owner: 'root'
    group: 'root'
    mode: '0640'
+  notify: 'restart-auditd'
+  tags: auditd