Add this module to your Puppetfile:
mod 'geoffwilliams-auditd', '3.1.0'
Learn more about managing modules with a Puppetfile.
auditd
Table of Contents
- Description
- Usage - Configuration options and additional functionality
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
Description
Puppet Auditd module
Usage
See reference and examples
Limitations
- Not supported by Puppet, Inc.
Development
PRs accepted :)
Testing
This module supports testing using PDQTest.
Tests can be executed with:

```shell
bundle install
make
```

See .travis.yml for a working CI example.
Reference
Table of Contents
Classes
- auditd: Setup and manage auditd using Puppet
Classes
auditd
This module takes a non-templated approach to management (settings and rules are written as key/value pairs and rule fragments rather than whole templated files) so that upstream changes from the vendor can be incorporated easily.
You may control:
- Overall auditd settings in auditd.conf
- audispd settings in audispd.conf
- Auditd rules (as managed files under /etc/audit/rules.d)
- Purging of non-managed rules (default behaviour)
Examples
Install auditd, manage the service and create rules:

```puppet
include auditd
```
Hiera data for auditd.conf settings (the class is named `auditd`, so the Hiera key for automatic parameter lookup is `auditd::settings`):

```yaml
auditd::settings:
  log_format: "ENRICHED"
  max_log_file: "50"
  num_logs: "5"
  max_log_file_action: "rotate"
  local_events: "yes"
```
Hiera data for audispd.conf settings:

```yaml
auditd::audispd_settings:
  overflow_action: syslog
  priority_boost: 4
```
Hiera data for custom auditd rules (each key becomes one fragment file under `/etc/audit/rules.d`; the numeric prefix controls load order):

```yaml
auditd::rules:
  10_date_and_time:
    content: |
      # date and time
      -a always,exit -F arch=b64 -S adjtimex -S settimeofday -k time-change
      -a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -k time-change
      -a always,exit -F arch=b64 -S clock_settime -k time-change
      -a always,exit -F arch=b32 -S clock_settime -k time-change
      -w /etc/localtime -p wa -k time-change
  20_user_and_groups:
    content: |
      # users and groups
      -w /etc/group -p wa -k identity
      -w /etc/passwd -p wa -k identity
      -w /etc/gshadow -p wa -k identity
      -w /etc/shadow -p wa -k identity
```
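The same configuration expressed as a resource-like class declaration instead of Hiera data, added here as an example; it is not part of the module's own documentation. It uses only the class parameters documented under Parameters below; the rule contents are constructed samples, and the `30_audit_config` fragment (watching the audit configuration directory itself) is a hypothetical addition, not one of the module's examples.

```puppet
# Added example (not from the module): declare the auditd class directly with
# resource-like syntax rather than relying on Hiera automatic parameter lookup.
# Parameter names match the documented class interface; values are samples.
class { 'auditd':
  # auditd.conf: rotate on a full log rather than halting or suspending the
  # host, so a flood of audit events cannot turn into a denial of service.
  settings         => {
    'log_format'          => 'ENRICHED',
    'max_log_file'        => '50',
    'num_logs'            => '5',
    'max_log_file_action' => 'rotate',
    'local_events'        => 'yes',
  },
  # audispd.conf: send overflow to syslog instead of dropping events silently.
  audispd_settings => {
    'overflow_action' => 'syslog',
    'priority_boost'  => '4',
  },
  # Each hash key becomes a fragment file under conf_d (/etc/audit/rules.d/);
  # the numeric prefix controls load order. The -k tags let an analyst query
  # matching events with "ausearch -k <tag>".
  rules            => {
    '10_date_and_time'    => {
      'content' => @(RULES),
        # date and time
        -a always,exit -F arch=b64 -S adjtimex -S settimeofday -k time-change
        -a always,exit -F arch=b64 -S clock_settime -k time-change
        -w /etc/localtime -p wa -k time-change
        | RULES
    },
    '20_users_and_groups' => {
      'content' => @(RULES),
        # users and groups
        -w /etc/group -p wa -k identity
        -w /etc/passwd -p wa -k identity
        -w /etc/gshadow -p wa -k identity
        -w /etc/shadow -p wa -k identity
        | RULES
    },
    # Hypothetical extra fragment: record changes to the audit config itself.
    '30_audit_config'     => {
      'content' => @(RULES),
        # changes to the audit configuration
        -w /etc/audit/ -p wa -k auditconfig
        | RULES
    },
  },
  # Default behaviour, stated explicitly: any rule file in conf_d that Puppet
  # does not manage is removed, so hand-added or leftover rules cannot persist.
  purge_rules      => true,
  header           => '# managed by puppet - local edits will be overwritten',
  service_ensure   => 'running',
  service_enable   => true,
}
```

After the agent run, `auditctl -l` lists the rules loaded from the fragments and `ausearch -k identity` returns events tagged by that rule key. Keep the `service_stop` and `service_restart` parameters at their documented defaults unless you have a reason to change them: they deliberately bypass systemd, as the Parameters section below explains.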
Parameters
The following parameters are available in the auditd class.
package_name
Data type: Array[String]
Name of the audit packages to install
Default value: ["audit", "audispd-plugins"]
settings
Data type: Hash[String, Any]
Hash of settings for the main auditd.conf config file
Default value: {}
audispd_settings
Data type: Hash[String, Any]
Hash of settings for the audispd.conf config file
Default value: {}
service_ensure
Data type: Enum['running','stopped']
Ensure the audit service to this state
Default value: 'running'
service_enable
Data type: Boolean
`true` to start the audit service on boot, otherwise `false`
Default value: true
config_file
Data type: String
Full path to main auditd.conf config file
Default value: '/etc/audit/auditd.conf'
audispd_config_file
Data type: String
Full path to audispd.conf config file
Default value: '/etc/audisp/audispd.conf'
rules
Data type: Hash[String, Hash[String, String]]
Hash of audit rules to enforce
Default value: {}
service_name
Data type: String
Name of audit service to manage
Default value: "auditd"
purge_rules
Data type: Boolean
`true` to remove all non-Puppet-managed rules from the conf_d directory
Default value: true
header
Data type: String
Warning message to add to top of each managed file
Default value: "# managed by puppet"
conf_d
Data type: String
Directory to store rule fragments in
Default value: "/etc/audit/rules.d/"
service_stop
Data type: String
Command to stop auditd (MUST bypass systemd https://access.redhat.com/solutions/2664811)
Default value: "/sbin/service auditd stop"
service_restart
Data type: String
Command to restart auditd (MUST bypass systemd https://access.redhat.com/solutions/2664811)
Default value: "/sbin/service auditd restart"
Dependencies
- geoffwilliams-filemagic (0.5.2)