Document more, skip starting in CI.

robertdebock · Mar 25, 2024 · 0ad6416 · 0ad6416
1 parent 0169279
commit 0ad6416
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -95,11 +95,12 @@ The default values for the variables are set in [`defaults/main.yml`](https://gi
 ---
 # defaults file for auditd
 
+# Below variables are docuemented in the man page for auditd.conf
+# https://linux.die.net/man/5/auditd.conf
 auditd_buffer_size: 32768
 auditd_fail_mode: 1
 auditd_maximum_rate: 60
 auditd_enable_flag: 1
-
 auditd_local_events: "yes"
 auditd_write_logs: "yes"
 auditd_log_file: /var/log/audit/audit.log
@@ -114,8 +115,7 @@ auditd_disp_qos: lossy
 auditd_dispatcher: /sbin/audispd
 auditd_name_format: none
 auditd_max_log_file_action: rotate
-# This can be a number ('25') or a percentage. ('25%')
-auditd_space_left: 75
+auditd_space_left: "75"  # This can be a number ('25') or a percentage. ('25%')
 auditd_space_left_action: syslog
 auditd_verify_email: "yes"
 auditd_action_mail_acct: root
@@ -131,9 +131,17 @@ auditd_enable_krb5: "no"
 auditd_krb5_principal: auditd
 auditd_distribute_network: "no"
 
+# You can opt to manage the rules with this role or not.
+# Setting auditd_manage_rules to false will not manage the rules.
 auditd_manage_rules: true
 
+# Some rules require a specific architecture to be set.
 auditd_default_arch: b64
+
+
+# You can opt to start the auditd service or not.
+# Mostly useful in CI, to avoid starting the service.
+auditd_start_service: true
 ```
 
 ## [Requirements](#requirements)

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -1,11 +1,12 @@
 ---
 # defaults file for auditd
 
+# Below variables are docuemented in the man page for auditd.conf
+# https://linux.die.net/man/5/auditd.conf
 auditd_buffer_size: 32768
 auditd_fail_mode: 1
 auditd_maximum_rate: 60
 auditd_enable_flag: 1
-
 auditd_local_events: "yes"
 auditd_write_logs: "yes"
 auditd_log_file: /var/log/audit/audit.log
@@ -20,8 +21,7 @@ auditd_disp_qos: lossy
 auditd_dispatcher: /sbin/audispd
 auditd_name_format: none
 auditd_max_log_file_action: rotate
-# This can be a number ('25') or a percentage. ('25%')
-auditd_space_left: 75
+auditd_space_left: "75"  # This can be a number ('25') or a percentage. ('25%')
 auditd_space_left_action: syslog
 auditd_verify_email: "yes"
 auditd_action_mail_acct: root
@@ -37,6 +37,14 @@ auditd_enable_krb5: "no"
 auditd_krb5_principal: auditd
 auditd_distribute_network: "no"
 
+# You can opt to manage the rules with this role or not.
+# Setting auditd_manage_rules to false will not manage the rules.
 auditd_manage_rules: true
 
+# Some rules require a specific architecture to be set.
 auditd_default_arch: b64
+
+
+# You can opt to start the auditd service or not.
+# Mostly useful in CI, to avoid starting the service.
+auditd_start_service: true
diff --git a/handlers/main.yml b/handlers/main.yml
@@ -20,3 +20,5 @@
     name: "{{ auditd_service }}"
     state: restarted
     use: service  # systemctl can't restart auditd, service can: https://access.redhat.com/solutions/2664811
+  when:
+    - auditd_start_service
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -46,3 +46,5 @@
     name: "{{ auditd_service }}"
     state: started
     enabled: true
+  when:
+    - auditd_start_service
diff --git a/templates/auditd.conf.j2 b/templates/auditd.conf.j2
@@ -14,7 +14,7 @@ disp_qos = {{ auditd_disp_qos }}
 dispatcher = {{ auditd_dispatcher }}
 name_format = {{ auditd_name_format }}
 max_log_file_action = {{ auditd_max_log_file_action }}
-space_left = {{ auditd_space_left }}
+space_left = {{ auditd_space_left | int }}
 space_left_action = {{ auditd_space_left_action }}
 verify_email = {{ auditd_verify_email }}
 action_mail_acct = {{ auditd_action_mail_acct }}