disable systemd audit logging (#902)

* os_hardening: disable systemd audit logging

disable audit logging via systemd-journald when enabling auditd
as this leads to duplicate logs in the journal or even /var/log/messages
depending on the configuration

Signed-off-by: Christoph Sieber <Christoph.Sieber@telekom.de>

* Don't disable systemd-journald-audit.socket on Suse

it seems the socket doesn't exist on this OS

Signed-off-by: Christoph Sieber <Christoph.Sieber@telekom.de>

---------

Signed-off-by: Christoph Sieber <Christoph.Sieber@telekom.de>
Co-authored-by: Christoph Sieber <Christoph.Sieber@telekom.de>

Author: z-bsod

roles/os_hardening/handlers/main.yml

@@ -27,3 +27,8 @@
     path: "{{ item }}"
     state: remounted
   loop: "{{ mountpoints_changed }}"
+
+- name: Restart journald
+  ansible.builtin.systemd:
+    name: systemd-journald.service
+    state: restarted

roles/os_hardening/tasks/auditd.yml

@@ -16,3 +16,15 @@
     - Restart auditd via service
     - Restart auditd via systemd
   tags: auditd
+
+- name: Disable systemd-journald.audit
+  when:
+    - ansible_facts.os_family != 'Suse'  # socket doesn't seem to exist on suse
+  ansible.builtin.systemd:
+    name: systemd-journald-audit.socket
+    state: stopped
+    enabled: false
+    masked: true
+  notify:
+    - Restart journald
+  tags: auditd