CIS Specific Information
Advanced Options
Note
These are advanced options and require a greater understanding of all aspects of implementing
auditd_exclusion:
auditd logs can fill up very quickly with the default CIS options, which log every privileged command. This applies whether the source is scanners/automation or any job that needs to run against a system with privileged access, e.g. via sudo.
The role can exclude anything in user space for specific users. Login/logout and the sshd process are still captured, but everything else is excluded for that user. This is enabled with the following variable (it needs to be set in an alternate variable location):
allow_auditd_uid_user_exclusions: true
Then a list of applicable users can be added to the exclusions, e.g.:
rhel8cis_auditd_uid_exclude:
  - ansible
  - vagrant
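To make the effect of such a per-user exclusion concrete, the following added illustration (not the role's own code, and not necessarily how the role implements the variable) resolves the listed usernames to UIDs from an /etc/passwd-style text and emits native audit rules that drop syscall-level records for those login UIDs while leaving PAM/user-space login records alone. The passwd excerpt is constructed sample input so the script runs offline.

```python
"""Added example: express a per-user auditd exclusion as native audit rules.

Excluding by auid on the exit filter stops syscall records (including the
sudo-driven commands the CIS rules capture) for that login UID, while
USER_LOGIN/USER_START and sshd session records are user-space events and
are still logged.  This mirrors the behaviour described above; the rule
form is an assumption about how such an exclusion could be written.
"""
from typing import Dict, List

# Constructed /etc/passwd excerpt (sample input, not from a real host).
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
ansible:x:1001:1001::/home/ansible:/bin/bash
vagrant:x:1000:1000::/home/vagrant:/bin/bash
"""


def parse_passwd(passwd_text: str) -> Dict[str, int]:
    """Map user name -> numeric UID from passwd-format text."""
    uids: Dict[str, int] = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            uids[fields[0]] = int(fields[2])
    return uids


def exclusion_rules(users: List[str], passwd_text: str) -> List[str]:
    """Build one '-a never,exit -S all -F auid=<uid>' rule per listed user.

    Unknown users raise so a typo in the exclusion list fails loudly rather
    than silently leaving the user fully audited; root is refused outright.
    """
    uids = parse_passwd(passwd_text)
    rules: List[str] = []
    for user in users:
        if user not in uids:
            raise ValueError(f"unknown user in exclusion list: {user}")
        if uids[user] == 0:
            raise ValueError("refusing to exclude root from auditing")
        rules.append(f"-a never,exit -S all -F auid={uids[user]}")
    return rules


def ordered_ruleset(exclusions: List[str], cis_rules: List[str]) -> List[str]:
    """'never' rules only match if loaded before the 'always' rules, so the
    exclusions must come first (e.g. in a rules.d file that sorts first)."""
    return list(exclusions) + list(cis_rules)
```

On a real host you would pass `open('/etc/passwd').read()` in place of the sample text and review the resulting rule set with `auditctl -l` after loading it.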