From 97a776a87ca65c51faa435a44b9a25934411dc2d Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Sat, 4 Jan 2025 21:36:28 +0100
Subject: [PATCH] Disable time-change audit rules for trixie

There's no longer a "ntp" system user?
---
 roles/float-base/templates/audit/rules.d/10system.rules.j2 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/roles/float-base/templates/audit/rules.d/10system.rules.j2 b/roles/float-base/templates/audit/rules.d/10system.rules.j2
index 17a84776..4b2b3044 100644
--- a/roles/float-base/templates/audit/rules.d/10system.rules.j2
+++ b/roles/float-base/templates/audit/rules.d/10system.rules.j2
@@ -4,6 +4,8 @@
 
 ## General system rules
 
+{# TODO: get rid of this section entirely? #}
+{% if float_debian_dist != 'trixie' %}
 # Record Events That Modify Date and Time Information
 {% if ansible_architecture == "x86_64" %}
 -a always,exit -F arch=b64 -F uid!=ntp -S clock_settime -k time-change
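Review bot: The `{% if float_debian_dist != 'trixie' %}` guard drops every syscall-level time-change rule on trixie, so clock changes made through clock_settime, adjtimex, settimeofday or stime are no longer audited there. Only the `/etc/localtime` watch, which the next hunk leaves outside the `{% endif %}`, still carries the `time-change` key, and losing the rest weakens the ability to trust log timestamps after an incident. If the only problem is that the `ntp` account cannot be resolved, a narrower change would keep the rules and make just the `-F uid!=ntp` filter conditional, or point it at whichever account the time-sync daemon runs as on trixie (not visible from this patch). The comparison is also tied to one release name, so releases after trixie get the rules back with `uid!=ntp` and would presumably hit the same problem; a check on whether the account exists would age better. In place of the TODO I would record the consequence, e.g. `{# trixie: no "ntp" user for -F uid!=ntp; time-change syscalls are not audited on this release #}`.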
@@ -11,6 +13,7 @@
 {% endif %}
 -a always,exit -F arch=b32 -F uid!=ntp -S clock_settime -k time-change
 -a always,exit -F arch=b32 -F uid!=ntp -S adjtimex -S settimeofday -S stime -k time-change
+{% endif %}
 -w /etc/localtime -p wa -k time-change
 
 # Record Events That Modify User/Group Information
-- 
GitLab