Merge pull request #810 from dev-sec/audit_name

Add variable to set name_format for auditd

Author: schurzi

roles/os_hardening/defaults/main.yml

@@ -348,6 +348,7 @@ os_auditd_disk_error_action: SUSPEND
 os_auditd_action_mail_acct: root
 os_auditd_log_group: root
 os_auditd_num_logs: 5
+os_auditd_name_format: NONE
 
 # Set the SELinux state, which can be either disabled, permissive, or enforcing.
 os_selinux_state: enforcing

roles/os_hardening/meta/argument_specs.yml

@@ -207,6 +207,16 @@ argument_specs:
         description: This keyword specifies the maximum file size in megabytes. When
           this limit is reached, it will trigger a configurable action. The value
           given must be numeric.
+      os_auditd_name_format:
+        default: NONE
+        type: str
+        description: This keyword specifies how computer node names are inserted
+              into the audit event stream.
+        choices:
+          - NONE
+          - hostname
+          - fqd
+          - numeric
       os_auditd_num_logs:
         default: 5
         type: int

roles/os_hardening/templates/etc/audit/auditd.conf.j2

@@ -11,7 +11,7 @@ freq = {{ os_auditd_freq }}
 num_logs = {{ os_auditd_num_logs }}
 disp_qos = lossy
 dispatcher = /sbin/audispd
-name_format = NONE
+name_format = {{ os_auditd_name_format }}
 max_log_file = {{ os_auditd_max_log_file }}
 max_log_file_action = {{ os_auditd_max_log_file_action }}
 space_left = {{ os_auditd_space_left }}