e57593dfd4
With the upcoming changes to rebase onto the RHEL 7 STIG controls, there needs to be a new solution for documentation that is easier to manage and filter. This patch automates the generation of the STIG control documentation in the following way: * A Sphinx extension runs early in the doc build process that writes all of the individual STIG control docs as well as ToC pages. * ToC pages are now sorted by severity, tag, and implementation status. * A giant listing of controls is easier to navigate now. * Docs are generated from metadata in the /doc/metadata directory. New documentation only needs to be added there. (Will explain this in the developer notes in a subsequent patch.) Implements: blueprint security-rhel7-stig Change-Id: I455af1121049f52193e98e2c9cb1ba5d4c292386
1.0 KiB
---id: V-38468 status: implemented tag: misc ---
The default configuration for disk_full_action is
SUSPEND, which only suspends audit logging. Suspending
audit logging can lead to security problems because the system is no
longer keeping track of which syscalls were made.
The security role sets the configuration to SYSLOG so
that messages are sent to syslog when the disk is full. If syslog
messages are being sent to remote servers, these log messages should
alert an administrator about the disk being full. There are additional
options available, like EXEC, SINGLE or
HALT.
To configure a different disk_full_action, set the
following Ansible variable:
security_disk_full_action: SYSLOGFor details on available settings and what they do, run
man auditd.conf. Some options can cause the host to go
offline until the issue is fixed. Deployers are urged to
carefully read the auditd documentation prior to
changing the disk_full_action setting from the default.