
With the upcoming changes to rebase onto the RHEL 7 STIG controls, there needs to be a new solution for documentation that is easier to manage and filter.

This patch automates the generation of the STIG control documentation in the following way:

* A Sphinx extension runs early in the doc build process that writes all of the individual STIG control docs as well as ToC pages.
* ToC pages are now sorted by severity, tag, and implementation status.
* A giant listing of controls is easier to navigate now.
* Docs are generated from metadata in the /doc/metadata directory. New documentation only needs to be added there. (Will explain this in the developer notes in a subsequent patch.)

Implements: blueprint security-rhel7-stig

Change-Id: I455af1121049f52193e98e2c9cb1ba5d4c292386
28 lines
1.0 KiB
ReStructuredText
---
id: V-38468
status: implemented
tag: misc
---

The default configuration for ``disk_full_action`` is ``SUSPEND``, which only
suspends audit logging. Suspending audit logging can lead to security problems
because the system is no longer keeping track of which syscalls were made.

The security role sets the configuration to ``SYSLOG`` so that messages are
sent to syslog when the disk is full. If syslog messages are being sent to
remote servers, these log messages should alert an administrator about the disk
being full. There are additional options available, like ``EXEC``, ``SINGLE``
or ``HALT``.

To configure a different ``disk_full_action``, set the following
Ansible variable:

.. code-block:: yaml

    security_disk_full_action: SYSLOG

For details on available settings and what they do, run ``man auditd.conf``.
Some options can cause the host to go offline until the issue is fixed.
Deployers are urged to **carefully read the auditd documentation** prior to
changing the ``disk_full_action`` setting from the default.
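To confirm what a host actually ends up with, the following added example (not part of the security role or of this patch) parses the text of an ``auditd.conf`` and reports how ``disk_full_action`` compares with the value the role is meant to set. The function names, the ``SAMPLE_CONF`` input and the last-occurrence-wins handling of a repeated key are assumptions of this example.

```python
# Added example: audit an auditd.conf for the disk_full_action setting.
# Keyword list follows auditd.conf(5); ROTATE exists only in newer releases.
VALID = {"IGNORE", "SYSLOG", "ROTATE", "EXEC", "SUSPEND", "SINGLE", "HALT"}
LOSSY = {"IGNORE", "SUSPEND"}   # host keeps running, audit records not written
OFFLINE = {"SINGLE", "HALT"}    # host drops to single-user mode or shuts down

# Constructed sample input, not taken from a real host.
SAMPLE_CONF = """\
# /etc/audit/auditd.conf (constructed)
log_file = /var/log/audit/audit.log
space_left_action = SYSLOG
Disk_Full_Action = suspend
"""


def disk_full_action(conf_text):
    """Return the configured keyword in upper case, or None if unset."""
    action = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        # Keys and values are matched case-insensitively here.
        if sep and key.strip().lower() == "disk_full_action":
            words = value.split()
            # "exec /path/to/script" carries an argument; keep the keyword.
            # Assumption: a repeated key is resolved in favour of the last one.
            action = words[0].upper() if words else ""
    return action


def assess(conf_text, expected="SYSLOG"):
    """Return (effective_action, findings) for the given auditd.conf text."""
    action = disk_full_action(conf_text)
    findings = []
    if action is None:
        action = "SUSPEND"  # default named in the text above
        findings.append("disk_full_action unset, default SUSPEND applies")
    if action not in VALID:
        findings.append("unknown value %r" % action)
    if action in LOSSY:
        findings.append("%s: audit records stop while the host runs" % action)
    if action in OFFLINE:
        findings.append("%s takes the host offline on a full disk" % action)
    if action != expected.upper():
        findings.append("expected %s, found %s" % (expected.upper(), action))
    return action, findings
```

An empty findings list means the file matches the expected action; pass ``expected`` to match whatever ``security_disk_full_action`` is set to in the deployment.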