Ubeek/auditd

Table of Contents

  1. Overview
  2. Module Description - What the module does and why it is useful
  3. Setup - The basics of getting started with auditd
  4. Usage - Configuration options and additional functionality
  5. Reference - An under-the-hood peek at what the module is doing and how
  6. Limitations - OS compatibility, etc.
  7. Development - Guide for contributing to the module
  8. Acknowledgements

Overview

This module will install a basic template for auditd rules.

Module Description

This module edits the default /etc/audit/auditd.conf, adds a /etc/audit/rules.d/audit.rules file to the server and restarts auditd.

Setup

If you wish to use your own ruleset, pass it to the auditd class's $auditd_rules parameter as an array of rules. This ruleset overwrites the default rules, so it must be the full ruleset you intend to implement. E.g.:

class {'auditd':
  auditd_rules => [
    '-a always,exit -F arch=b32 -S adjtimex -S settimeofday -k time-change',
    '-w /etc/passwd -p wa -k identity',
  ],
}
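
Because $auditd_rules replaces the default rules entirely, it is worth checking the array before handing it to the class. The Ruby lint below is an added example, not part of this module; parse_rule, lint_rules and the three checks (every rule has a key, syscall rules carry an arch filter, every key with b32 rules also has a b64 rule) are assumptions chosen for illustration.

```ruby
require 'shellwords'

# Parse one auditctl-style rule into the fields this lint needs.
def parse_rule(rule)
  tokens = Shellwords.split(rule)
  parsed = { raw: rule, key: nil, arch: nil, syscalls: [] }
  tokens.each_with_index do |tok, i|
    arg = tokens[i + 1].to_s
    case tok
    when '-k' then parsed[:key] = arg
    when '-S' then parsed[:syscalls].concat(arg.split(','))
    when '-F'
      name, value = arg.split('=', 2)
      parsed[:key] = value if name == 'key'
      parsed[:arch] = value if name == 'arch'
    end
  end
  parsed
end

# Return a list of findings (strings); an empty list means the ruleset passed.
def lint_rules(rules)
  parsed = rules.map { |r| parse_rule(r) }
  findings = []
  parsed.each do |r|
    findings << "no key (-k): #{r[:raw]}" if r[:key].nil?
    next if r[:syscalls].empty? || r[:arch]
    findings << "syscall rule without arch filter: #{r[:raw]}"
  end
  # On a 64-bit host, arch=b32 only matches calls made through the 32-bit ABI,
  # so a key with b32 rules alone misses the same syscalls from 64-bit processes.
  keyed = parsed.select { |r| r[:arch] && r[:key] }
  keyed.group_by { |r| r[:key] }.each do |key, group|
    arches = group.map { |r| r[:arch] }
    next unless arches.include?('b32') && !arches.include?('b64')
    findings << "key '#{key}' has b32 rules but no b64 rule"
  end
  findings
end

# Constructed input: the two rules from the README example above.
README_RULES = [
  '-a always,exit -F arch=b32 -S adjtimex -S settimeofday -k time-change',
  '-w /etc/passwd -p wa -k identity',
].freeze
# Constructed input: the same rules plus a 64-bit counterpart.
FIXED_RULES = (README_RULES + ['-a always,exit -F arch=b64 -S adjtimex -S settimeofday -k time-change']).freeze

puts lint_rules(README_RULES) if __FILE__ == $PROGRAM_NAME
```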

Config values for the auditd.conf file can be passed in as a hash to the $auditd_conf parameter, where each key is a setting name and each value is that setting's value. Unlike $auditd_rules, this does not completely overwrite the defaults: it only adds new settings to the default list or overrides the values of existing settings. The default list can be found in the in-module Hiera data. E.g.:

class {'auditd':
  auditd_conf => {
    'log_file' => '/var/log/some-other-auditd.log',
  }
}

What auditd affects

  • /etc/audit/auditd.conf
  • /etc/audit/rules.d/audit.rules
  • RPM Package audit will be installed
  • Service auditd will be turned on and started

Beginning with auditd

Install the module with sudo puppet module install auditd, or use r10k.

Usage

Use the following syntax to get this module working:

include auditd

or

class { 'auditd': }

Reference

Classes

Public Classes

  • auditd: Installs and configures auditd on your server.

Private Classes

Limitations

This module has only been tested on RedHat, CentOS and their derivatives. All other distributions are not supported.

Development

This module is public and can be found on GitHub here.

Acknowledgements

This module is based upon the auditd module by Luther Barnum, which can be found at https://github.com/lgbarn/auditd.
