Forge Home

auditd

Configures auditd and add some standard rules

1,340 downloads

477 latest version

5.0 quality score

Version information

  • 1.2.6 (latest)
  • 1.2.5
  • 1.2.4
  • 1.2.3
  • 1.2.2
  • 1.2.1
  • 1.2.0
  • 1.1.9
  • 1.1.8
  • 1.1.7
  • 1.1.6
  • 1.1.5
  • 1.1.4
  • 1.1.2
  • 1.1.1
  • 1.1.0
  • 1.0.9
  • 1.0.8
  • 1.0.7
  • 1.0.6
  • 1.0.5
  • 1.0.4
  • 1.0.3 (deleted)
  • 1.0.2
  • 1.0.1
  • 1.0.0
  • 0.1.0 (deleted)
released Sep 8th 2021
This version is compatible with:
  • Puppet Enterprise 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x
  • Puppet >= 5.55.0 < 8.0.0
  • , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'karimchaouch-auditd', '1.2.6'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add karimchaouch-auditd
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install karimchaouch-auditd --version 1.2.6

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

karimchaouch/auditd — version 1.2.6 Sep 8th 2021

Table of Contents

  1. Overview
  2. Module Description - What the module does and why it is useful
  3. Setup - The basics of getting started with auditd
  4. Usage - Configuration options and additional functionality
  5. Reference - An under-the-hood peek at what the module is doing and how
  6. Limitations - OS compatibility, etc.
  7. Development - Guide for contributing to the module
  8. Acknowledgements

Overview

This module will install a basic template for auditd rules on CentOS / Ubuntu

Module Description

This module edits the default /etc/audit/auditd.conf, adds a /etc/audit/audit.rules file to the server and restarts auditd.

Setup

If you wish to use your own ruleset, it must be passed to the auditd classes $auditd_rules parameter as an array of rules. This ruleset will over-write the default rules, so must be the full ruleset you intend to implement. E.g.:

class {'auditd':
  auditd_rules => [
    '-a always,exit -F arch=b32 -S adjtimex -S settimeofday -k time-change',
    '-w /etc/passwd -p wa -k identity',
  ],
}

Config values for the auditd.conf file can be passed in as a hash to the $auditd_conf parameter, where the key is the setting name and the value is the value. This will not completely over-write the default ruleset, only add new settings to the default list, or override values for existing settings. The default list can be found in the in-module Hiera data. E.g.

class {'auditd':
  auditd_conf => {
    'log_file' => '/var/log/some-other-auditd.log',
  }
}

What auditd affects

  • /etc/audit/auditd.conf
  • /etc/audit/audit.rules
  • RPM Package audit will be installed
  • Service auditd will be turned on and started

Beginning with auditd

Install module with sudo puppet module install auditd or use r10k.

Usage

Use the following syntax to get this module working:

include auditd

or

class { 'auditd': }

Reference

Classes

Public Classes

  • auditd: Installs and configures auditd on your server.

Private Classes

Limitations

This module has only been tested on RedHat 7 & 8 / Ubuntu 14 & 16 & 18. For other distributions, the module have to be tested.

Development

This module is public and can be found on github here

Acknowledgements

This module is a fork of https://github.com/lgbarn/auditd.