CIS Specific Information

Advanced Options

Note

These are advanced options and required a greater understanding of all aspects of implementation.

• auditd_exclusion:

auditd logs can fill up very quickly with the default CIS options to log every privileged commands. Whether scanners/automation or and job that needs to run against a system with privilege access. e.g.sudo

There is the ability to change this for specific users to exclude anything in user space. This will still capture login/logout and sshd process but anything else will be excluded for that user. This can be enabled with the following (this needs to be set in an alternate variable location):

allow_auditd_uid_user_exclusions: true

Then a list of applicable users can be added to the exclusions. e.g.

rhel8cis_auditd_uid_exclude:
- ansible
- vagrant