Code Review / ta / infra-ansible.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Initial commit
[ta/infra-ansible.git] / roles / audit / templates / 31-privileged-gen.rules.j2
diff --git a/roles/audit/templates/31-privileged-gen.rules.j2 b/roles/audit/templates/31-privileged-gen.rules.j2
new file mode 100644 (file)
index 0000000..7433add
--- /dev/null
+++ b/roles/audit/templates/31-privileged-gen.rules.j2
@@ -0,0 +1,31 @@
+## Generated privilaged rules
+-a always,exit -F path=/usr/bin/chage -F perm=x -k privileged
+-a always,exit -F path=/usr/bin/gpasswd -F perm=x -k privileged
+-a always,exit -F path=/usr/bin/newgrp -F perm=x -k privileged
+-a always,exit -F path=/usr/bin/mount -F perm=x -k privileged
+-a always,exit -F path=/usr/bin/su -F perm=x -k privileged
+-a always,exit -F path=/usr/bin/sudo -F perm=x -k privileged
+-a always,exit -F path=/usr/bin/umount -F perm=x -k privileged
+-a always,exit -F path=/usr/bin/at -F perm=x -k privileged
+-a always,exit -F path=/usr/bin/chfn -F perm=x -k privileged
+-a always,exit -F path=/usr/bin/chsh -F perm=x -k privileged
+-a always,exit -F path=/usr/bin/passwd -F perm=x -k privileged
+-a always,exit -F path=/usr/bin/pkexec -F perm=x -k privileged
+-a always,exit -F path=/usr/bin/crontab -F perm=x -k privileged
+-a always,exit -F path=/usr/bin/fusermount -F perm=x -k privileged
+-a always,exit -F path=/usr/sbin/pam_timestamp_check -F perm=x -k privileged
+-a always,exit -F path=/usr/sbin/unix_chkpwd -F perm=x -k privileged
+-a always,exit -F path=/usr/sbin/mount.nfs -F perm=x -k privileged
+-a always,exit -F path=/usr/sbin/usernetctl -F perm=x -k privileged
+-a always,exit -F path=/usr/bin/userhelper -F perm=x -k privileged
+-a always,exit -F path=/usr/sbin/semanage -F perm=x -k privileged-priv_change 
+-a always,exit -F path=/usr/sbin/setsebool -F perm=x -k privileged-priv_change
+-a always,exit -F path=/usr/bin/chcon -F perm=x -k privileged-priv_change
+-a always,exit -F path=/usr/sbin/restorecon -F perm=x -k privileged-priv_change
+-a always,exit -F path=/usr/bin/sudoedit -F perm=x -k privileged
+-a always,exit -F path=/usr/sbin/postdrop -F perm=x -k privileged
+-a always,exit -F path=/usr/sbin/postqueue -F perm=x -k privileged
+-a always,exit -F path=/usr/libexec/qemu-bridge-helper -F perm=x -k privileged
+-a always,exit -F path=/usr/libexec/dbus-1/dbus-daemon-launch-helper -F perm=x -k privileged
+-a always,exit -F path=/usr/lib/polkit-1/polkit-agent-helper-1 -F perm=x -k privileged
+-a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F perm=x -k privileged
This repository contains all the generic deployment playbooks, which configure services running directly on the host. Includes playbooks for disk partitioning, Ceph configuration, hardening, security, SSH, operating system level user management etc.