From f97af4730128237271ab275c6deae4e156223119 Mon Sep 17 00:00:00 2001
From: Jonathan Rosser
Date: Wed, 25 Sep 2024 13:32:12 +0100
Subject: [PATCH] Apply architecture specific audit rules

Some audit rules do not work on arm systems, so disable this subset when the target system is aarch64 architecture.

Closes-Bug: 2081831
Change-Id: Ia5cea0533eb174b52009a54fceeee36b9e4dfe8b
---
 defaults/main.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 13ab53fe..c61b4eae 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -103,7 +103,7 @@ security_rhel7_audit_chage: yes # V-72155
 security_rhel7_audit_chcon: yes # V-72139
 security_rhel7_audit_chmod: no # V-72105
 security_rhel7_audit_chown: no # V-72097
-security_rhel7_audit_creat: yes # V-72123
+security_rhel7_audit_creat: "{{ (ansible_facts['architecture'] == 'aarch64') | ternary('no', 'yes') }}" # V-72123
 security_rhel7_audit_crontab: yes # V-72183
 security_rhel7_audit_delete_module: yes # V-72189
 security_rhel7_audit_fchmod: no # V-72107
@@ -120,7 +120,7 @@ security_rhel7_audit_lremovexattr: no # V-72121
 security_rhel7_audit_lsetxattr: no # V-72115
 security_rhel7_audit_mount: yes # V-72171
 security_rhel7_audit_newgrp: yes # V-72165
-security_rhel7_audit_open: yes # V-72125
+security_rhel7_audit_open: "{{ (ansible_facts['architecture'] == 'aarch64') | ternary('no', 'yes') }}" # V-72125
 security_rhel7_audit_openat: yes # V-72127
 security_rhel7_audit_open_by_handle_at: yes # V-72129
 security_rhel7_audit_pam_timestamp_check: yes # V-72185
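Review bot: The new defaults for `security_rhel7_audit_creat` and `security_rhel7_audit_open` (and for `rename`, `rmdir` and `unlink` in the two later hunks) now render the strings 'no'/'yes' rather than the YAML booleans every neighbouring entry uses, and a non-empty string such as 'no' is truthy in Jinja wherever a consumer tests the variable without `| bool`. The templates and tasks that read these variables are outside this diff, so whether any of them does that is unconfirmed. Returning a real boolean removes the dependency: `security_rhel7_audit_creat: "{{ ansible_facts['architecture'] != 'aarch64' }}"  # V-72123`, and the same expression for the other four. Because these switches turn off STIG-mapped audit rules and the reason lives only in the commit message, a comment above the entries would help auditors, for example `# Disabled on aarch64, where this rule does not load; the openat/renameat/unlinkat rules presumably provide the coverage there and should stay enabled`.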
@@ -128,10 +128,10 @@ security_rhel7_audit_passwd: yes # V-72149
 security_rhel7_audit_postdrop: yes # V-72175
 security_rhel7_audit_postqueue: yes # V-72177
 security_rhel7_audit_removexattr: no # V-72117
-security_rhel7_audit_rename: yes # V-72199
+security_rhel7_audit_rename: "{{ (ansible_facts['architecture'] == 'aarch64') | ternary('no', 'yes') }}" # V-72199
 security_rhel7_audit_renameat: yes # V-72201
 security_rhel7_audit_restorecon: yes # V-72141
-security_rhel7_audit_rmdir: yes # V-72203
+security_rhel7_audit_rmdir: "{{ (ansible_facts['architecture'] == 'aarch64') | ternary('no', 'yes') }}" # V-72203
 security_rhel7_audit_semanage: yes # V-72135
 security_rhel7_audit_setsebool: yes # V-72137
 security_rhel7_audit_setxattr: no # V-72111
@@ -142,7 +142,7 @@ security_rhel7_audit_sudoedit: yes # V-72169
 security_rhel7_audit_truncate: yes # V-72131
 security_rhel7_audit_umount: yes # V-72173
 security_rhel7_audit_unix_chkpwd: yes # V-72151
-security_rhel7_audit_unlink: yes # V-72205
+security_rhel7_audit_unlink: "{{ (ansible_facts['architecture'] == 'aarch64') | ternary('no', 'yes') }}" # V-72205
 security_rhel7_audit_unlinkat: yes # V-72207
 security_rhel7_audit_userhelper: yes # V-72157
 # Add audit rules for other events.