Merge pull request #25 from ansible-lockdown/devel

Add Audit only documentation section
ansible-lockdown · Nov 20, 2023 · cc34954 · cc34954
2 parents c28180b + 93414fd
commit cc34954
Showing 1 changed file with 22 additions and 0 deletions.
diff --git a/docs/source/audit/getting-started-audit.rst b/docs/source/audit/getting-started-audit.rst
@@ -77,6 +77,28 @@ The following requirements are needed (OS dependant)
     The binary only needs to be accessible to the host with ability to use.
     The relevant script needs to be adjust to point to the path of the binary.
 
+Running the Audit Only as part of remediate playbook
+----------------------------------------------------
+
+It is possible to just run the audit on some playbooks (being rolled out across them all). This is a variable set
+
+.. code-block:: yaml
+
+  audit_only: true
+
+
+This will run the audit based on the same release as the playbook and will then stop.
+Extra variables also enable the ability to copy back the audit output to the control node and create a directory structure.
+
+.. code-block:: yaml
+
+  # As part of audit_only
+  # This will enable files to be copied back to control node
+  fetch_audit_files: false
+  # Path to copy the files to will create dir structure
+  audit_capture_files_dir: /some/location to copy to on control node
+
+
 Defining the audit
 ------------------