Major Hayden bfcf6c7423 Initial import of openstack-ansible-security role
This role contains around 150 controls from the 270+ controls that exist
in the RHEL 6 STIG. New controls are still being added.

Implements: blueprint security-hardening

Change-Id: I0578f86bf42d55242bc72b97b40a5935a3cb18d6
2015-10-07 07:27:39 -05:00

723 B

Ubuntu's default for disk_error_action is SUSPEND, which actually only suspends audit logging. That could be a security issue, so SYSLOG is recommended and is set by default be openstack-ansible-security. There are additional options available, like EXEC, SINGLE or HALT.

To configure a different disk_error_action, set the following Ansible variable:

disk_error_action = SYSLOG

For details on available settings and what they do, run man auditd.conf. Some options can cause the host to go offline until the issue is fixed. Deployers are urged to carefully read the auditd documentation prior to changing the disk_error_action setting from the default.