7b313ee1bc
This patch fixes the auditd rules template so that AppArmor and SELinux policy modifications are logged, depending on which Linux distribution is in use. The security_audit_apparmor_changes variable has been renamed to security_audit_mac_changes to be more generic. Documentation updates and a release note are included. Closes-bug: 1584187 Change-Id: I0955e2cb8a05af4afd36aaca518322a9df6d1ff7
16 lines
586 B
YAML
16 lines
586 B
YAML
---
|
|
|
|
upgrade:
|
|
- |
|
|
The variable ``security_audit_apparmor_changes`` is now renamed to
|
|
``security_audit_mac_changes`` and is enabled by default. Setting
|
|
``security_audit_mac_changes`` to ``no`` will disable syscall auditing for
|
|
any changes to AppArmor policies (in Ubuntu) or SELinux policies (in
|
|
CentOS).
|
|
features:
|
|
- |
|
|
The auditd rules template included a rule that audited changes to the
|
|
AppArmor policies, but the SELinux policy changes were not being audited.
|
|
Any changes to SELinux policies in ``/etc/selinux`` are now being logged
|
|
by auditd.
|