Puppet Class: auditd

Defined in:
modules/auditd/manifests/init.pp

Overview

Parameters:

  • log_to_disk (Boolean) (defaults to: true)
  • log_file (Stdlib::Unixpath) (defaults to: '/var/log/audit/audit.log')
  • rule_root_cmds (Boolean) (defaults to: false)
  • send_to_syslog (Boolean) (defaults to: false) 


21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
 
# File 'modules/auditd/manifests/init.pp', line 21

class auditd (
    Boolean          $log_to_disk    = true,
    Stdlib::Unixpath $log_file       = '/var/log/audit/audit.log',
    Boolean          $rule_root_cmds = false,
    Boolean          $send_to_syslog = false,
) {

    ensure_packages(['auditd'])

    file {
        default:
            ensure  => 'file',
            require => Package['auditd'],
            owner   => 'root',
            group   => 'root',
            mode    => '0440',
            notify  => Service['auditd'];
        '/etc/audit/auditd.conf':
            content => template('auditd/auditd.conf.erb');
        '/etc/audit/rules.d/audit.rules':
            content => template('auditd/audit.rules.erb');
        '/etc/audit/plugins.d/syslog.conf':
            content => template('auditd/audisp-syslog.conf.erb');
    }

    service { 'auditd':
        ensure     => 'running',
        enable     => true,
        hasrestart => true,
    }

    profile::auto_restarts::service { 'auditd': }
}