bfcf6c7423
This role contains around 150 controls from the 270+ controls that exist in the RHEL 6 STIG. New controls are still being added. Implements: blueprint security-hardening Change-Id: I0578f86bf42d55242bc72b97b40a5935a3cb18d6
723 B
723 B
Ubuntu's default for disk_error_action is
SUSPEND, which actually only suspends audit logging. That
could be a security issue, so SYSLOG is recommended and is
set by default be openstack-ansible-security. There are additional
options available, like EXEC, SINGLE or
HALT.
To configure a different disk_error_action, set the
following Ansible variable:
disk_error_action = SYSLOGFor details on available settings and what they do, run
man auditd.conf. Some options can cause the host to go
offline until the issue is fixed. Deployers are urged to
carefully read the auditd documentation prior to
changing the disk_error_action setting from the
default.