ansible-hardening/doc/source/stig-notes/V-38438_developer.rst
Major Hayden 2aca8287dc Adding V-38438 (auditd during boot)
This patch adds a task and handlers for enabling the audit daemon
during the boot sequence to comply with V-38438. Deployers have
the option to opt out of the entire change, or they can apply the
change without updating the active grub.cfg file.

Change-Id: Ia8702b8439a5993516397363b21356f1216be403
2016-09-06 13:21:11 +00:00

The role will add audit=1 to the GRUB_CMDLINE_LINUX_DEFAULT variable in the GRUB configuration within /etc/default/grub.d/. It will also update the active grub.cfg so that the change takes effect on the next boot.

To opt out of the change, set the following variable:

security_enable_audit_during_boot: no

Deployers may opt in to the change without automatically updating the active grub.cfg file by setting the following Ansible variables:

security_enable_audit_during_boot: yes
security_enable_grub_update: no
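
One way to check how far the change has propagated on a host, as an added example that is not part of the role: the functions below report whether audit=1 is only in the GRUB defaults (the security_enable_grub_update: no case), already in grub.cfg but not yet booted, or on the running kernel's command line. The function names and the /proc/cmdline and /boot/grub/grub.cfg paths are assumptions, and the defaults files are read as text rather than sourced.

```shell
#!/bin/sh
# Added example (not from the ansible-hardening role): report how far the
# audit=1 change has propagated. Paths are parameters so the check can run
# against copies of the files; the live-host paths at the end are assumptions.

# Succeed if STRING contains audit=1 as a whole whitespace-separated token.
has_audit_flag() {
    case " $(printf '%s' "$1" | tr '\t\n' '  ') " in
        *" audit=1 "*) return 0 ;;
    esac
    return 1
}

# Succeed if any listed defaults file assigns GRUB_CMDLINE_LINUX_DEFAULT a
# value carrying audit=1 (static text check, the files are not sourced).
defaults_have_audit() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        val=$(sed -n 's/^[[:space:]]*GRUB_CMDLINE_LINUX_DEFAULT=//p' "$f" | tr -d "\"'")
        if has_audit_flag "$val"; then return 0; fi
    done
    return 1
}

# Succeed if at least one kernel ("linux ...") line in grub.cfg has audit=1.
grub_cfg_has_audit() {
    [ -r "$1" ] || return 1
    lines=$(grep -E '^[[:space:]]*linux(16|efi)?[[:space:]]' "$1") || return 1
    has_audit_flag "$lines"
}

# Print one of: active | pending-reboot | pending-grub-update | not-configured
# usage: audit_boot_state CMDLINE_FILE GRUB_CFG DEFAULTS_FILE...
audit_boot_state() {
    cmdline_file=$1; grub_cfg=$2; shift 2
    if [ -r "$cmdline_file" ] && has_audit_flag "$(cat "$cmdline_file")"; then
        echo active
    elif grub_cfg_has_audit "$grub_cfg"; then
        echo pending-reboot
    elif defaults_have_audit "$@"; then
        echo pending-grub-update
    else
        echo not-configured
    fi
}

# On a live host (paths assumed for Debian/Ubuntu):
#   audit_boot_state /proc/cmdline /boot/grub/grub.cfg /etc/default/grub /etc/default/grub.d/*.cfg
```

A result of pending-grub-update means the defaults file was written but grub.cfg was never regenerated, so the audit daemon will not be enabled during boot until that happens.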