New in version 2.5.
Parameter | Choices/Defaults | Comments |
---|---|---|
`audit_flags` list / required | | Defines whether to log on failure, success, or both. To log both, define as a comma-separated list: "Success, Failure". |
`inheritance_flags` list | Default: "ContainerInherit,ObjectInherit" | Defines what objects inside of a folder or registry key will inherit the settings. If you are setting a rule on a file, this value has to be changed to `none`. For more information on the choices see the MSDN InheritanceFlags enumeration at https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.inheritanceflags.aspx. |
`path` path / required | | Path to the file, folder, or registry key. Registry paths should be in PowerShell format, beginning with an abbreviation for the root, such as `HKLM:\Software`. aliases: dest, destination |
`propagation_flags` - | | Propagation flag on the audit rules. This value is ignored when the path type is a file. For more information on the choices see the MSDN PropagationFlags enumeration at https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.propagationflags.aspx. |
`rights` list / required | | Comma-separated list of the rights desired. Only required for adding a rule. If path is a file or directory, rights can be any right under MSDN FileSystemRights https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.filesystemrights.aspx. If path is a registry key, rights can be any right under MSDN RegistryRights https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.registryrights.aspx. |
`state` string | | Whether the rule should be `present` or `absent`. For `absent`, only path, user, and state are required. Specifying `absent` will remove all rules matching the defined user. |
`user` string / required | | The user or group to adjust rules for. |
```yaml
- name: Add filesystem audit rule for a folder
  win_audit_rule:
    path: C:\inetpub\wwwroot\website
    user: BUILTIN\Users
    rights: write,delete,changepermissions
    audit_flags: success,failure
    inheritance_flags: ContainerInherit,ObjectInherit

- name: Add filesystem audit rule for a file
  win_audit_rule:
    path: C:\inetpub\wwwroot\website\web.config
    user: BUILTIN\Users
    rights: write,delete,changepermissions
    audit_flags: success,failure
    inheritance_flags: None

- name: Add registry audit rule
  win_audit_rule:
    path: HKLM:\software
    user: BUILTIN\Users
    rights: delete
    audit_flags: 'success'

- name: Remove filesystem audit rule
  win_audit_rule:
    path: C:\inetpub\wwwroot\website
    user: BUILTIN\Users
    state: absent

- name: Remove registry audit rule
  win_audit_rule:
    path: HKLM:\software
    user: BUILTIN\Users
    state: absent
```
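
The following play is an added example, not part of the module's own documentation. It pairs the file rule from the examples with a check on the `path_type` and `current_audit_rules` return values. The `windows` host group is an assumption, and `win_audit_policy_system` is a separate Ansible module that this page does not document.

```yaml
# Added example, not from the module documentation.
- name: Audit changes to web.config and confirm the rule was applied
  hosts: windows                     # assumption: inventory group name
  gather_facts: false
  tasks:
    # A SACL entry only produces Security log events when the matching
    # Object Access subcategory is being audited.
    - name: Enable auditing for the File System subcategory
      win_audit_policy_system:       # separate module, not documented on this page
        subcategory: File System
        audit_type:
          - success
          - failure

    - name: Add audit rule for a single file
      win_audit_rule:
        path: C:\inetpub\wwwroot\website\web.config
        user: BUILTIN\Users
        rights: write,delete,changepermissions
        audit_flags: success,failure
        inheritance_flags: None      # must be None because the path is a file
      register: audit_result

    - name: Check what the module reports back
      assert:
        that:
          - audit_result.path_type == 'file'
          # a plain string here means "No audit rules defined on path"
          - audit_result.current_audit_rules is not string
        msg: "Audit rule missing on web.config: {{ audit_result.current_audit_rules }}"
```

The `is not string` test is used because `current_audit_rules` holds rule data when rules exist and the message string when none do.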
Common return values are documented separately; the following fields are unique to this module:
Key | Returned | Description |
---|---|---|
`current_audit_rules` dictionary | always | The current rules on the defined path. Will return "No audit rules defined on path". |
`path_type` string | always | The type of path being targeted. Will be one of file, directory, registry. |

Sample `current_audit_rules` value:

```json
{
    "audit_flags": "Success",
    "user": "Everyone",
    "inheritance_flags": "False",
    "is_inherited": "False",
    "propagation_flags": "None",
    "rights": "Delete"
}
```