Navigation

← Previous Changeset
Next Changeset →

Changeset 217

Timestamp:

07/24/08 08:49:56 (4 months ago)

Author:

slawrence

Message:

Specify audit dispatcher in auditd.conf
Use different audit rules for 32-bit and 64-bit archs
Copy system-auth changes in kickstart to stigs and conf file
Fix installation of audit rules

Files:

trunk/RHEL5.2/RPM/clip.spec (modified) (1 diff)
trunk/RHEL5.2/conf/audit/Makefile (modified) (1 diff)
trunk/RHEL5.2/conf/audit/audit-i386.rules (added)
trunk/RHEL5.2/conf/audit/audit-x86_64.rules (added)
trunk/RHEL5.2/conf/audit/audit.rules (deleted)
trunk/RHEL5.2/conf/audit/auditd.conf (modified) (1 diff)
trunk/RHEL5.2/conf/pam/system-auth.pam (modified) (1 diff)
trunk/RHEL5.2/kickstart/clip.ks (modified) (2 diffs)
trunk/RHEL5.2/scripts/installer.in (modified) (3 diffs)
trunk/RHEL5.2/scripts/stig-fix/cat2/gen000460.sh (modified) (1 diff)
trunk/RHEL5.2/scripts/stig-fix/cat2/gen002660.sh (modified) (1 diff)
trunk/RHEL5.2/scripts/stig-fix/cat2/gen002820.sh (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

trunk/RHEL5.2/RPM/clip.spec

r198	r217
37	37	%defattr(-,root,root,-)
38	38	/usr/share/clip/conf/audit/auditd.conf
39		#/usr/share/clip/conf/audit/audit.rules
	39	/usr/share/clip/conf/audit/audit-i386.rules
	40	/usr/share/clip/conf/audit/audit-x86_64.rules
40	41	/usr/share/clip/conf/pam/login.pam
41	42	/usr/share/clip/conf/pam/newrole.pam

trunk/RHEL5.2/conf/audit/Makefile

r198	r217
1	1	install:
2	2	test -d $(DESTDIR)$(CONFDIR)/audit \| install -d -m 755 $(DESTDIR)$(CONFDIR)/audit
3		# install -m 644 .conf .rules $(DESTDIR)$(CONFDIR)/audit
4		install -m 644 *.conf $(DESTDIR)$(CONFDIR)/audit
	3	install -m 644 .conf .rules $(DESTDIR)$(CONFDIR)/audit

trunk/RHEL5.2/conf/audit/auditd.conf

r1	r217
9	9	freq = 20
10	10	num_logs = 4
11		#dispatcher = /root/src/skeleton
	11	dispatcher = /sbin/audispd
12	12	max_log_file = 5
13	13	max_log_file_action = ROTATE

trunk/RHEL5.2/conf/pam/system-auth.pam

r201	r217
14	14	account required pam_permit.so
15	15
16		password required pam_~~cracklib.so try_first_pass retry=3 minlen=14 difok=4 dcredit=-2 ucredit=-2 ocredit=-2 lcredit=-2~~
	16	password required pam_passwdqc.so min=disabled,disabled,disabled,disabled,14 max=40 passphrase=0 match=0 similar=deny random=0 enforce=everyone retry=3
17	17	password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=12
18	18	password required pam_deny.so

trunk/RHEL5.2/kickstart/clip.ks

r212	r217
666	666	EOF
667	667
	668	cat <<-EOF > /etc/audit/auditd.conf
	669	log_file = /var/log/audit/audit.log
	670	log_format = RAW
	671	priority_boost = 3
	672	flush = INCREMENTAL
	673	freq = 20
	674	num_logs = 4
	675	dispatcher = /sbin/audispd
	676	max_log_file = 5
	677	max_log_file_action = ROTATE
	678	space_left = 75
	679	space_left_action = SYSLOG
	680	action_mail_acct = root
	681	admin_space_left = 50
	682	admin_space_left_action = HALT
	683	disk_full_action = HALT
	684	disk_error_action = HALT
	685	EOF
	686
668	687	## (GEN002680: CAT II) (Previously â G094) The SA will ensure audit data files
669	688	## and directories will be readable only by personnel authorized by the IAO.
…	…
746	765	cat <<-EOF >> /etc/audit/audit.rules
747	766	# system administration actions
748		~~# these two lines could be the cause of problems with filling audit logs and preventing system usage after installation~~
749	767	-w /var/log/audit/audit.log
750	768	-w /var/log/audit/audit[1-4].log

trunk/RHEL5.2/scripts/installer.in

r198	r217
39	39	InstallAudit() {
40	40	Copy $AUDITDIR/auditd.conf /etc/audit/auditd.conf
41		# Copy $AUDITDIR/audit.rules /etc/audit/audit.rules
	41	if [ "$(uname -i)" == "x86_64" ]
	42	then
	43	Copy $AUDITDIR/audit-x86_64.rules /etc/audit/audit.rules
	44	else
	45	Copy $AUDITDIR/audit-i386.rules /etc/audit/audit.rules
	46	fi
	47
42	48	auditctl -R /etc/audit/audit.rules
43	49	}
…	…
53	59	for f in $MANDIR/*.8; do
54	60	Copy $f /usr/share/man/man8/$(basename $f)
55		~~done~~
56		}
57
58		~~# Install a collection of scripts to make CLIP~~
59		~~# STIG-compliant.~~
60		~~# Since these scripts are not likely to be found on the system,~~
61		~~# cp and not Copy() is used to install these files.~~
62		~~InstallStig() {~~
63		~~for d in $(ls -R $STIGFIXDIR); do~~
64		~~cp -r $d /usr/share/clip/scripts/stig-fix &2>/dev/null~~
65	61	done
66	62	}
…	…
92	88	InstallPam
93	89	InstallMan
94		~~InstallStig~~
95	90	#RunStigFixes

trunk/RHEL5.2/scripts/stig-fix/cat2/gen000460.sh

r201	r217
24	24	account required pam_permit.so
25	25
26		password required pam_~~cracklib.so try_first_pass retry=3 minlen=14 difok=4 dcredit=-2 ucredit=-2 ocredit=-2 lcredit=-2~~
	26	password required pam_passwdqc.so min=disabled,disabled,disabled,disabled,14 max=40 passphrase=0 match=0 similar=deny random=0 enforce=everyone retry=3
27	27	password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=12
28	28	password required pam_deny.so

trunk/RHEL5.2/scripts/stig-fix/cat2/gen002660.sh

r192	r217
22	22	EOF
23	23
	24	cat <<-EOF > /etc/audit/auditd.conf
	25	log_file = /var/log/audit/audit.log
	26	log_format = RAW
	27	priority_boost = 3
	28	flush = INCREMENTAL
	29	freq = 20
	30	num_logs = 4
	31	dispatcher = /sbin/audispd
	32	max_log_file = 5
	33	max_log_file_action = ROTATE
	34	space_left = 75
	35	space_left_action = SYSLOG
	36	action_mail_acct = root
	37	admin_space_left = 50
	38	admin_space_left_action = HALT
	39	disk_full_action = HALT
	40	disk_error_action = HALT
	41	EOF
	42

trunk/RHEL5.2/scripts/stig-fix/cat2/gen002820.sh

r197	r217
8	8	cat <<-EOF >> /etc/audit/audit.rules
9	9	# system administration actions
10		~~# these two lines could be the cause of problems with filling audit logs and preventing system usage after installation~~
11	10	-w /var/log/audit/audit.log
12	11	-w /var/log/audit/audit[1-4].log

Download in other formats:

Unified Diff
Zip Disabled

* Generating other formats may take time.