dsglaser / cis-security

Playbooks to implement Center for Internet Security (CIS) controls for RHEL (7-9), RHEL Clones, Ubuntu (18.04-22.04), and Microsoft Windows (10, Server 2019)

restart auditd fails when -e 2 is set #77

Open divansantana opened 1 year ago

divansantana commented 1 year ago

In the case of auditing system be locked, with -e 2 flag, then the handler fails to execute and the playbook is marked as failed.

I think setting ignore_errors: True would be better.

dsglaser commented 1 year ago

Ignoring errors in Ansible is generally frowned upon. What are you referring to in that the 'auditing system be locked'?

Thanks, Dave

divansantana commented 1 year ago

It seems the auditing system is locked with the -e 2. So doing a restart auditd fails AFAIK, because it requires a system restart to load the new changes.
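
The condition discussed in this thread can be detected before the handler runs. The following is an added example, not part of the thread or of the cis-security playbooks: it parses `auditctl -s` output to tell an immutable (-e 2) audit configuration from a reloadable one. The function names, action names and sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the cis-security playbooks).

# Constructed sample of `auditctl -s` output on a host whose rules were loaded with -e 2.
SAMPLE_LOCKED='enabled 2
failure 1
pid 812
rate_limit 0
backlog_limit 8192
lost 0
backlog 0'

# Constructed sample in the older single-line status format, rules still mutable.
SAMPLE_OPEN='AUDIT_STATUS: enabled=1 flag=1 pid=812 rate_limit=0 backlog_limit=8192 lost=0 backlog=0'

# Read `auditctl -s` output on stdin and print the numeric "enabled" flag.
audit_enabled_flag() {
    sed -n 's/^\(AUDIT_STATUS: \)\{0,1\}enabled[ =]\([0-9][0-9]*\).*/\2/p' | head -n 1
}

# Map the flag to what a restart handler should do (hypothetical action names).
audit_reload_action() {
    flag=$(audit_enabled_flag)
    case "$flag" in
        2)   echo "reboot-required" ;;   # immutable: rule changes refused until reboot
        0|1) echo "reload" ;;            # rules can be reloaded in place
        *)   echo "unknown"; return 1 ;; # status not parseable: fail, do not guess
    esac
}

# On a real host (as root): auditctl -s | audit_reload_action
```

A handler built on this check can restart auditd only when the result is "reload" and report a pending reboot when it is "reboot-required", so a locked audit configuration does not fail the play and genuine restart errors are not hidden.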