simp / pupmod-simp-auditd
The SIMP auditd Puppet Module
License: Other
Can you please update to stdlib < 9.0.0 and change herculesteam/augeasproviders_grub to puppet/augeasproviders_grub <5.0.0 as they have taken over the herculesteam release.
Thank you.
Auditd configuration files in /etc/ should not be managed by auditd::log_group. Introduce a new variable, ex. auditd::config_group. Modify $config_file_mode to utilize auditd::config_group as a ternary. Update all audit files managed within /etc/ to use the new auditd::config_group and update permissions as needed.
The code under templates/rule_profiles/common/default_drop.epp states on lines 21 and 28 if greater than 6 but chrony is only on RHEL 8 and above. It should be >6 and <8 or just change 6 to 7. The error is stated if you run on RHEL 7:
augenrules --load
Unknown user: chrony
-F unknown field: uid
There was an error in line 13 of /etc/audit/audit.rules
Unknown user: chrony
-F unknown field: uid
Please can Rocky 8 be added to the supported os list?
The hieradata in data/os needs to be updated with parameters for RHEL 9.
Puppet manages the q_depth setting in /etc/audisp/audispd.conf. We'd like q_depth to be optionally managed so Puppet doesn't manage it.
The template for overflow_action looks for the $audit::overflowaction parameter; however, the actual parameter name in the class is $auditd::overflow_action, so the template will never set overflow action to what a user has requested.
On RHEL 8, dbus/dbus-daemon does not provide the /usr/lib64/dbus-1 directory, which causes augenrules to fail.
Unsure if this also affects CentOS/OEL 8.
Set the force => true option on the /etc/audit file resource: https://github.com/simp/pupmod-simp-auditd/blob/master/manifests/config.pp#L32-L39
Otherwise, if a directory is created in /etc/audit, puppet will be unable to remove it and will non-idempotently restart auditd every run.
We are using your module to manage our auditd rules. Unfortunately, some systems are running software which is adding its own rules to /etc/audit/rules.d. The file containing these rules is automatically removed by Puppet. Is it possible to either disable this file removal, or configure one or more rule files to ignore?
When new rule files get created they are created with a default mode of 0644, which will cause compliance scan failures for CIS at the very least. We need a way to determine the correct mode for the files under /etc/audit/rules.d and apply it.
Applications may manage settings in audispd.conf independently from puppet. Update manifests/config/audisp.pp so users can disable management of individual settings.
When auditd rotates the log files, it removes the write bit from the user permissions.
The module needs to be updated to use symbolic permissions instead of numeric.
The permissions on /var/log/audit.log.<number> remove user write permissions.
This means that the current implementation will flap as evidenced in https://gitlab.com/simp/pupmod-simp-simp/-/jobs/2578131227#L3835
On RHEL 7 machines the fact reference above returns blank because /usr/share/audit/sample-rules doesn't exist. The samples all appear to live under /usr/share/doc/audit-2.8.5/rules instead. The fact needs to be modified so it will look inside of both locations.