Added syscalls table for all arch

ansible-lockdown · Jan 16, 2025 · a303ef7 · a303ef7
1 parent 63a05c0
commit a303ef7
Show file tree

Hide file tree

Showing 47 changed files with 23,690 additions and 4 deletions.
diff --git a/tasks/auditd.yml b/tasks/auditd.yml
@@ -1,13 +1,14 @@
 ---
-
 - name: POST | Apply auditd template for section 4.1.3.x
   when: update_audit_template
   ansible.builtin.template:
     src: audit/99_auditd.rules.j2
     dest: /etc/audit/rules.d/99_auditd.rules
     owner: root
     group: root
-    mode: '0640'
+    mode: "0640"
+  vars:
+    syscalls: "{{ lookup('file', 'audit/syscalls/table/syscall-' + ansible_architecture) }}"
   register: discovered_audit_rules_updated
   notify:
     - Auditd rules reload
@@ -22,7 +23,7 @@
     dest: /etc/audit/rules.d/98_auditd_exceptions.rules
     owner: root
     group: root
-    mode: '0600'
+    mode: "0600"
   notify: Restart auditd
 
 - name: POST | Flush handlers

diff --git a/templates/audit/99_auditd.rules.j2 b/templates/audit/99_auditd.rules.j2
@@ -5,7 +5,7 @@
 ## YOUR CHANGED WILL BE LOST!
 
 # This template will set all of the auditd configurations via a handler in the role in one task instead of individually
-
+{{ syscalls}}
 {% if ubtu22cis_rule_6_3_3_1 %}
 -w /etc/sudoers -p wa -k scope
 -w /etc/sudoers.d/ -p wa -k scope