Skip to content

Commit 2265497

Browse files
hollowhollow
authored
Fix broken mode for /var/log/audit (#552)
``` Unable to open /var/log/audit/audit.log (Permission denied) ``` This PR fixes the issue by using the default permission set by auditd (`0700`). Signed-off-by: Benedikt Böhm <[email protected]>
1 parent 24d3520 commit 2265497

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

roles/os_hardening/defaults/main.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -428,7 +428,7 @@ os_mnt_var_log_src: ""
428428
os_mnt_var_log_options: 'rw,nosuid,nodev,noexec'
429429
os_mnt_var_log_filesystem: "ext4"
430430

431-
os_mnt_var_log_audit_dir_mode: '0640'
431+
os_mnt_var_log_audit_dir_mode: '0700'
432432
os_mnt_var_log_audit_enabled: false
433433
os_mnt_var_log_audit_src: ""
434434
os_mnt_var_log_audit_options: 'rw,nosuid,nodev,noexec'

0 commit comments

Comments
 (0)