auditd
Handle immutability of config
This cookbook (at least if you set the cis rules) will include -e 2 config, making the auditd config immutable.
This means that if the cookbook is run repeatedly in Chef runs, the notified restart of the auditd service will have no effect on the current config.
When auditd is configured to be immutable, a restart of the host is needed.
This cookbook should possibly do something to address this. Maybe a warning/failure if this happens. Maybe control over the immutability through attributes. I think we can notify the host to reboot if needed, but this should definitely be attribute controlled and disabled by default!
Agreed. We had to duplicate the service 'auditd' resource and add an ignore_failure to it in a wrapper cookbook as a workaround.
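
The decision discussed in this thread, as an added example that is not part of the cookbook or of either post: plain Ruby that reads the `enabled` flag from `auditctl -s` output and chooses between reloading rules, warning that a reboot is needed, or requesting one. The helper names, the `allow_reboot` flag (off by default, as the issue asks) and the sample outputs are assumptions constructed for illustration.

```ruby
# Added example: helper names and allow_reboot are hypothetical,
# not resources or attributes of the auditd cookbook.

# Extract the kernel audit "enabled" flag from `auditctl -s` output.
# Handles the multi-line form ("enabled 2") and the older single-line
# form ("AUDIT_STATUS: enabled=2 flag=1 ..."). Returns nil if absent.
def audit_enabled_flag(status_output)
  m = status_output.match(/\benabled[ =](\d+)/)
  m && m[1].to_i
end

# Decide what a config-management run should do after writing rules.
# enabled == 2 means the rule set is locked until the next boot, so a
# service restart cannot load the new rules.
def plan_rule_update(status_output, rules_changed:, allow_reboot: false)
  return :nothing unless rules_changed

  flag = audit_enabled_flag(status_output)
  return :unknown_state if flag.nil?
  return :reload_rules unless flag == 2

  allow_reboot ? :request_reboot : :warn_reboot_needed
end

# Constructed sample outputs (not captured from a real host).
NEW_STYLE_LOCKED = <<~OUT
  enabled 2
  failure 1
  pid 812
  rate_limit 0
  backlog_limit 8192
  lost 0
  backlog 0
OUT
OLD_STYLE_MUTABLE =
  "AUDIT_STATUS: enabled=1 flag=1 pid=812 rate_limit=0 backlog_limit=320 lost=0 backlog=0\n"

if __FILE__ == $PROGRAM_NAME
  puts plan_rule_update(NEW_STYLE_LOCKED, rules_changed: true)
  puts plan_rule_update(NEW_STYLE_LOCKED, rules_changed: true, allow_reboot: true)
  puts plan_rule_update(OLD_STYLE_MUTABLE, rules_changed: true)
end
```

On a real node the status string would come from running `auditctl -s` as root, and `rules_changed` from whether the rules file resource was updated in the current run.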