From 075c24886d4ead26f76163efb49f2297f91d41df Mon Sep 17 00:00:00 2001
From: Micah Anderson <micah@riseup.net>
Date: Tue, 23 Jun 2020 18:11:15 -0400
Subject: [PATCH] disable auditd when loki is enabled, its structured logs are
 not so easily parsed by loki

---
 roles/base/tasks/harden.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/roles/base/tasks/harden.yml b/roles/base/tasks/harden.yml
index a23b0ced..58234a14 100644
--- a/roles/base/tasks/harden.yml
+++ b/roles/base/tasks/harden.yml
@@ -49,6 +49,7 @@
     packages:
       - auditd
       - audisp-json
+  when: not enable_loki
 
 - name: Auditd default config removed
   file:
@@ -63,6 +64,7 @@
     - "templates/audit/rules.d/*.j2"
   notify:
     - restart auditd
+  when: not enable_loki
 
 - name: Auditd configured
   template:
@@ -70,6 +72,7 @@
     dest: /etc/audit/auditd.conf
   notify:
     - restart auditd
+  when: not enable_loki
 
 - name: Audispd plugins configured
   copy:
@@ -80,11 +83,13 @@
     - json.conf
   notify:
     - restart auditd
+  when: not enable_loki
 
 - name: Enable auditd service
   systemd:
     name: auditd.service
     enabled: yes
+  when: not enable_loki
 
 - name: Disable journald-auditd link
   systemd:
@@ -92,3 +97,4 @@
     state: stopped
     enabled: no
     masked: yes
+  when: not enable_loki
-- 
GitLab