[Openstack-security] [Bug 1616281] Re: Can't initialize AIDE during subsequent playbook runs
OpenStack Infra
1616281 at bugs.launchpad.net
Thu Aug 25 20:33:06 UTC 2016
Reviewed: https://review.openstack.org/359554
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-security/commit/?id=578ce32998d889cf3ea63260fc3ca2f99e8ea91d
Submitter: Jenkins
Branch: master
commit 578ce32998d889cf3ea63260fc3ca2f99e8ea91d
Author: Major Hayden <major at mhtx.net>
Date: Tue Aug 23 22:12:31 2016 -0500
Ensure AIDE initializes on subsequent runs

If a deployer installs AIDE the first time they apply the role
without initializing AIDE and they want to initialize it later,
the handler that does the initialization never fires.

This patch does a few things:

- Ensures AIDE initialization if the initialize_aide bool is True
- Doesn't initialize the AIDE db if it already exists
- Moves the new db into place on Red Hat systems
- Moves the AIDE tasks into its own file with tags
- Prevents AIDE from trawling through /var

Closes-bug: 1616281
Change-Id: I85d65738fde064b06b1147c529b22c3f44a33e94
** Changed in: openstack-ansible
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1616281
Title:
Can't initialize AIDE during subsequent playbook runs
Status in openstack-ansible:
Fix Released
Bug description:
AIDE isn't initialized by default because it can cause a lot of system
load when it does its first check of a new system. If a deployer
applies the security hardening role with ``initialize_aide`` set to
False (the default), it won't be initialized. However, if they set it
to True and re-run the playbook, AIDE is already configured and the
handler to initialize AIDE won't execute.
To manage notifications about this bug go to:
https://bugs.launchpad.net/openstack-ansible/+bug/1616281/+subscriptions
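
The decision the commit message describes (initialize only when initialize_aide is true and no database exists yet, then move the new database into place) can be sketched as a shell function. This is an added example, not the role's own tasks and not part of the original notification; the function name, its arguments, the return codes and the example database paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not code from openstack-ansible-security).
# aide_ensure_initialized FLAG DB NEW_DB INIT_CMD...
#   FLAG     value of the role's initialize_aide boolean
#   DB       active AIDE database (assumed path, e.g. /var/lib/aide/aide.db.gz)
#   NEW_DB   file the init command writes (assumed, e.g. /var/lib/aide/aide.db.new.gz)
#   INIT_CMD command that builds NEW_DB (e.g. aide --init)
# Returns: 0 initialized now, 1 skipped (not enabled),
#          2 skipped (database already exists), 3 initialization failed.
aide_ensure_initialized() {
    flag=$1
    db=$2
    new_db=$3
    shift 3

    case "$flag" in
        true|True|yes) ;;
        *) return 1 ;;            # deployer has not opted in
    esac

    # Decide from the state on disk, not from whether the package or the
    # configuration changed during this run. A change-triggered handler
    # never fires once AIDE is already installed and configured.
    if [ -e "$db" ]; then
        return 2                  # never re-baseline an existing database
    fi

    "$@" || return 3              # the expensive first scan
    [ -s "$new_db" ] || return 3  # init must have produced a database

    # Where init writes a separate "new" database (the Red Hat case in the
    # commit message), move it into place so later checks can use it.
    if [ "$new_db" != "$db" ]; then
        mv -- "$new_db" "$db" || return 3
    fi
    return 0
}
```

Return code 2 is what keeps repeated playbook runs cheap and stops a later run from silently replacing the baseline that integrity checks compare against.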