Define a complete security baseline and monitor the baseline's rules. The baseline should be defined in Hiera. The purpose of the module is to make it possible to set up a complete security baseline that does not necessarily have to follow industry security guides such as the CIS benchmarks.
Apache License 2.0
auditd - Record Information on Kernel Modules Loading and Unloading missing 32-bit #69
I am failing this rule:
init_module,finit_module,delete_module,create_module,query_module
class { 'cis_security_hardening::rules::auditd_kernel_modules': enforce => true, }
-a always,exit -F arch=b64 -S init_module,finit_module,delete_module,create_module,query_module -F auid>=1000 -F auid!=4294967295 -k kernel_modules
It is failing because there is no rule for 32-bit. I can use auditd_init_module and auditd_delete_module, but there are no separate classes for create, finit, and query.
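A way to see which of the five syscalls lack a rule for each architecture, as an added example that is not part of the issue or of the module's code. The function names and the `PARTIAL_RULES` sample are assumptions made for illustration; the b32 lines in that sample are constructed and are not the output of the module's classes.

```python
# Syscalls named in the issue's rule.
MODULE_SYSCALLS = ["init_module", "finit_module", "delete_module",
                   "create_module", "query_module"]

# The rule quoted in the issue (b64 only).
ISSUE_RULE = ("-a always,exit -F arch=b64 -S init_module,finit_module,"
              "delete_module,create_module,query_module "
              "-F auid>=1000 -F auid!=4294967295 -k kernel_modules\n")

# Constructed sample: the issue's rule plus hypothetical b32 rules that
# cover only init_module and delete_module.
PARTIAL_RULES = ISSUE_RULE + (
    "# constructed lines below\n"
    "-a always,exit -F arch=b32 -S init_module -k kernel_modules\n"
    "-a always,exit -F arch=b32 -S delete_module -k kernel_modules\n")


def parse_rule(line):
    """Return (arch, syscalls) for a syscall rule, or None for other lines."""
    tokens = line.split()
    if not tokens or tokens[0].startswith("#"):
        return None
    arch, syscalls = None, set()
    it = iter(tokens)
    for tok in it:
        if tok == "-F":
            field = next(it, "")
            if field.startswith("arch="):
                arch = field.split("=", 1)[1]
        elif tok == "-S":
            # -S may be repeated and may carry a comma-separated list.
            syscalls.update(s for s in next(it, "").split(",") if s)
    # Assumption: rules without an explicit arch field are not counted.
    if arch is None or not syscalls:
        return None
    return arch, syscalls


def missing_by_arch(rules_text, wanted=MODULE_SYSCALLS, arches=("b32", "b64")):
    """Map each arch to the wanted syscalls that no rule for that arch names."""
    covered = {a: set() for a in arches}
    for line in rules_text.splitlines():
        parsed = parse_rule(line)
        if parsed and parsed[0] in covered:
            covered[parsed[0]] |= parsed[1]
    return {a: [s for s in wanted if s not in covered[a]] for a in arches}


if __name__ == "__main__":
    for name, text in (("issue rule", ISSUE_RULE), ("partial", PARTIAL_RULES)):
        print(name, missing_by_arch(text))
```

The same function can be pointed at the text of a host's loaded rules (for example the output of `auditctl -l`) to list the gaps per architecture.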