The bulk of the logs appears to be along the lines of
---
Sep 5 16:13:49 ubuntu-xenial-osic-cloud1-4101327 audispd: node=ubuntu-xenial-osic-cloud1-4101327 type=EOE msg=audit(1473092029.822:547227):
Sep 5 16:13:50 ubuntu-xenial-osic-cloud1-4101327 audispd: node=ubuntu-xenial-osic-cloud1-4101327 type=SYSCALL msg=audit(1473092030.022:547228): arch=c000003e syscall=94 success=yes exit=0 a0=7ffc49f44d80 a1=6e a2=4 a3=0 items=1 ppid=26131 pid=26132 auid=3000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4 comm="rsync" exe="/usr/bin/rsync" key="perm_modV-38558"
Sep 5 16:13:50 ubuntu-xenial-osic-cloud1-4101327 audispd: node=ubuntu-xenial-osic-cloud1-4101327 type=CWD msg=audit(1473092030.022:547228): cwd="/home/jenkins/workspace/gate-openstack-ansible-openstack-ansible-aio-ubuntu-xenial-nv/logs/host"
----
I'm almost certain this is coming from ansible-security in [1], mentioned in [2] at
---
With modifying the active line so that it contains yes, the audispd daemon will start logging events. The logging method depends on further setting in the same file.
---
So this seems to be behaving according to its specification, but I wonder how much verbosity is helpful, especially in CI. At the very least it compresses well (~15mb), which could be done in [1].
[1] https://github.com/openstack/openstack-ansible-security/blob/master/tasks/auditd.yml#L288
[2] https://access.redhat.com/solutions/2380591
[3] http://docs.openstack.org/developer/openstack-ansible-security/controls-cat1.html
[4] http://git.openstack.org/cgit/openstack/openstack-ansible/tree/scripts/scripts-library.sh#n134
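
To see which audit rule keys and commands account for the log volume described in the report, the audispd syslog lines can be grouped by audit event and attributed to the key on the event's SYSCALL record. This is an added example, not part of the original report or of openstack-ansible-security; the sample lines, the host name `ci-node` and the function name `summarize` are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format quoted in the report (syslog prefix + audispd record).
SAMPLE = """\
Sep 5 16:13:49 ci-node audispd: node=ci-node type=EOE msg=audit(1473092029.822:547227):
Sep 5 16:13:50 ci-node audispd: node=ci-node type=SYSCALL msg=audit(1473092030.022:547228): arch=c000003e syscall=94 success=yes exit=0 comm="rsync" exe="/usr/bin/rsync" key="perm_modV-38558"
Sep 5 16:13:50 ci-node audispd: node=ci-node type=CWD msg=audit(1473092030.022:547228): cwd="/home/jenkins"
Sep 5 16:13:50 ci-node audispd: node=ci-node type=EOE msg=audit(1473092030.022:547228):
Sep 5 16:13:51 ci-node sshd[811]: Accepted publickey for jenkins
"""

# type, timestamp and serial identify the record; the rest holds key=value fields.
RECORD = re.compile(r'audispd: .*?type=(\w+) msg=audit\((\d+\.\d+):(\d+)\)\s*:\s*(.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def summarize(lines):
    """Return bytes of audispd syslog output per (rule key, command).

    Records of one audit event share timestamp:serial, so CWD/PATH/EOE lines
    are charged to the key and comm found on that event's SYSCALL record.
    Events with no SYSCALL record in the input end up under (None, None).
    """
    events = defaultdict(lambda: {"bytes": 0, "key": None, "comm": None})
    for line in lines:
        line = line.rstrip("\n")
        m = RECORD.search(line)
        if not m:
            continue  # not an audispd record (other syslog traffic)
        rtype, ts, serial, rest = m.groups()
        ev = events[(ts, serial)]
        ev["bytes"] += len(line.encode()) + 1  # +1 for the newline on disk
        if rtype == "SYSCALL":
            fields = {k: v.strip('"') for k, v in FIELD.findall(rest)}
            ev["key"], ev["comm"] = fields.get("key"), fields.get("comm")
    totals = Counter()
    for ev in events.values():
        totals[(ev["key"], ev["comm"])] += ev["bytes"]
    return totals

if __name__ == "__main__":
    for (key, comm), size in summarize(SAMPLE.splitlines()).most_common():
        print(f"{size:8d} bytes  key={key}  comm={comm}")
```

Run over a real syslog file, the largest entries show which rule and process pairs produce most of the output.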