Forge Home

auditd

Configures auditd and add some standard rule

3,916 downloads

2,996 latest version

5.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 1.0.3 (latest)
  • 1.0.2
  • 1.0.1
released Feb 3rd 2022
This version is compatible with:
  • Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
  • Puppet >= 6.21.0 < 8.0.0
  • , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'ubeek-auditd', '1.0.3'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add ubeek-auditd
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install ubeek-auditd --version 1.0.3

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

ubeek/auditd — version 1.0.3 Feb 3rd 2022

Table of Contents

  1. Overview
  2. Module Description - What the module does and why it is useful
  3. Setup - The basics of getting started with auditd
  4. Usage - Configuration options and additional functionality
  5. Reference - An under-the-hood peek at what the module is doing and how
  6. Limitations - OS compatibility, etc.
  7. Development - Guide for contributing to the module
  8. Acknowledgements

Overview

This module will install a basic template for auditd rules.

Module Description

This module edits the default /etc/audit/auditd.conf, adds a /etc/audit/rules.d/audit.rules file to the server and restarts auditd.

Setup

If you wish to use your own ruleset, it must be passed to the auditd classes $auditd_rules parameter as an array of rules. This ruleset will over-write the default rules, so must be the full ruleset you intend to implement. E.g.:

class {'auditd':
  auditd_rules => [
    '-a always,exit -F arch=b32 -S adjtimex -S settimeofday -k time-change',
    '-w /etc/passwd -p wa -k identity',
  ],
}

Config values for the auditd.conf file can be passed in as a hash to the $auditd_conf parameter, where the key is the setting name and the value is the value. This will not completely over-write the default ruleset, only add new settings to the default list, or override values for existing settings. The default list can be found in the in-module Hiera data. E.g.

class {'auditd':
  auditd_conf => {
    'log_file' => '/var/log/some-other-auditd.log',
  }
}

What auditd affects

  • /etc/audit/auditd.conf
  • /etc/audit/rules.d/audit.rules
  • RPM Package audit will be installed
  • Service auditd will be turned on and started

Beginning with auditd

Install module with sudo puppet module install auditd or use r10k.

Usage

Use the following syntax to get this module working:

include auditd

or

class { 'auditd': }

Reference

Classes

Public Classes

  • auditd: Installs and configures auditd on your server.

Private Classes

Limitations

This module has only been tested on RedHat,CentOS and it derivatives. All other distributions are not supported.

Development

This module is public and can be found on githubhere

Acknowledgements

This module is based upon the auditd module by Luther Barnum, which can be found at https://github.com/lgbarn/auditd.