commit 91e02458ddccf2c20381c9b68695406de67b8481
author Ivan Suzdal <isuzdal@mirantis.com> Wed Jun 20 12:33:16 2018 +0400
committer Ivan Suzdal <isuzdal@mirantis.com> Thu Jun 21 09:35:33 2018 +0400
tree 614cb370df0de1663f701d24aeb0e9064fa164aa
parent 3e3c053444927405d9ed532678669cd518fc0690

Changes according to the ciscat requirements

It is nearly impossible to use static "privileged" rules due to such lists
will differ from one installation to another. By this change it will generate
the list dynamically. It can be extended via common rule_list when needed.

Also the enabled option now is immutable.

Change-Id: I537124cd7201bdea831f0a98c3f98c20c7d77707

metadata/service/rules/ciscat.yml

diff --git a/metadata/service/rules/ciscat.yml b/metadata/service/rules/ciscat.yml
index 8482c09..1596dd5 100644
--- a/metadata/service/rules/ciscat.yml
+++ b/metadata/service/rules/ciscat.yml
@@ -6,7 +6,7 @@
   auditd:
     rules:
       options:
-        enabled: 1
+        enabled: 2
         bufsize: 8192
       rules:
         MAC_policy:
@@ -67,23 +67,6 @@
             - '-a always,exit -F arch=b32 -S setxattr -S lsetxattr -S fsetxattr -S removexattr -S lremovexattr -S fremovexattr -F auid>=1000 -F auid!=4294967295'
         privileged:
           enabled: true
-          rule_list:
-            - '-a always,exit -F path=/usr/bin/chage -F perm=x -F auid>=1000 -F auid!=4294967295'
-            - '-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid>=1000 -F auid!=4294967295'
-            - '-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=4294967295'
-            - '-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=4294967295'
-            - '-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>=1000 -F auid!=4294967295'
-            - '-a always,exit -F path=/usr/sbin/pam_timestamp_check -F perm=x -F auid>=1000 -F auid!=4294967295'
-            - '-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=4294967295'
-            - '-a always,exit -F path=/usr/sbin/postdrop -F perm=x -F auid>=1000 -F auid!=4294967295'
-            - '-a always,exit -F path=/usr/sbin/postqueue -F perm=x -F auid>=1000 -F auid!=4294967295'
-            - '-a always,exit -F path=/usr/lib/openssh/ssh-keysign -F perm=x -F auid>=1000 -F auid!=4294967295'
-            - '-a always,exit -F path=/usr/bin/su -F perm=x -F auid>=1000 -F auid!=4294967295'
-            - '-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=4294967295'
-            - '-a always,exit -F path=/usr/bin/sudoedit -F perm=x -F auid>=1000 -F auid!=4294967295'
-            - '-a always,exit -F path=/usr/bin/umount -F perm=x -F auid>=1000 -F auid!=4294967295'
-            - '-a always,exit -F path=/usr/sbin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=4294967295'
-            - '-a always,exit -F path=/usr/sbin/userhelper -F perm=x -F auid>=1000 -F auid!=4294967295'
         scope:
           enabled: true
           rule_list: