Fix duplicated config options in auditd.conf

The regular expressions for max_log_file and space_left
were not specific enough and the options were repeated in the
auditd.conf over multiple runs of the security role. This patch
makes those regular expressions more specific.

Closes-bug: 1604958

Change-Id: Ia7eddd6fb4bdd3c2a5cc1b25aa9a152b087801c9
Major Hayden 2016-07-20 15:51:51 -05:00
parent 7f7098c25e
commit 20b8d9a86d
No known key found for this signature in database
GPG Key ID: 737051E0C1011FB1


@ -59,7 +59,7 @@
- name: V-38633 - The system must set a maximum audit log file size
lineinfile:
dest: /etc/audit/auditd.conf
regexp: "^(#)?max_log_file ="
regexp: "^(#)?max_log_file(?!_action)"
line: "max_log_file = {{ security_max_log_file }}"
when: auditd_conf.stat.exists | bool
notify:
@ -201,7 +201,7 @@
- name: V-38678 - Lower limit of available disk space when auditd triggers space_left_action
lineinfile:
dest: /etc/audit/auditd.conf
regexp: "^(#)?space_left"
regexp: "^(#)?space_left(?!_action)"
line: "space_left = {{ security_space_left }}"
when: auditd_conf.stat.exists | bool
notify:
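Review bot: The new pattern on the V-38633 task (and the same form on the V-38678 task) excludes only the `_action` suffix and still does not anchor on the `=` separator, so a line written with leading whitespace or as `# max_log_file = ...` is not matched. In that case lineinfile appends a second entry, and the duplicated-option problem this commit is fixing can come back. Anchoring on the separator handles both cases without a lookahead: `regexp: '^#?\s*max_log_file\s*='` and `regexp: '^#?\s*space_left\s*='`, single-quoted so YAML leaves the backslashes alone. Because these two options govern audit log retention, it is worth confirming that auditd.conf holds exactly one active entry per key after two consecutive runs of the role. Both tasks continue past the end of their hunks, so the `notify:` handlers are not visible here.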