This module manages the Audit daemon, kernel parameters, and related subsystems.
This module is a component of the System Integrity Management Platform, a compliance management framework built on Puppet.
If you find any issues, they can be submitted to our JIRA.
This module is optimally designed for use within a larger SIMP ecosystem, but it can be used independently:
- When included within the SIMP ecosystem, security compliance settings will be managed from the Puppet server.
- If used independently, all SIMP-managed security subsystems will be disabled by
default and must be explicitly opted into by administrators. Please review
simp_optionsfor details.
You can use this module for the management of all components of auditd including configuration, service management, kernel parameters, and custom rule sets.
By default, a rule set is provided that should meet a reasonable set of operational goals for most environments.
The audit kernel parameter may optionally be managed independently of the
rest of the module using the ::auditd::config::grub class.
If auditd::syslog is true, you will need to install
simp/rsyslog as a dependency.
- The
auditkernel parameter- NOTE: This will be applied to all kernels in your standard grub configuration
- The auditd service
- The audid configuration in /etc/auditd.conf
- The auditd rules in /etc/audit/rules.d
- The audispd configuration in /etc/audisp/audispd.conf
- The audispd
syslogconfiguration in /etc/audisp/plugins.d/syslog.conf
# Set up auditd with the default settings
# A message will be printed indicating that you need to reboot for this option
# to take full effect at each Puppet run until you reboot your system.
include '::auditd'To disable auditd at boot, set the following in hieradata:
auditd::at_boot : falseTo override the default values included in the module, you can either include new values for the keys at the time that the classes are declared, or set the values in hieradata:
class { '::auditd':
ignore_failures => true,
log_group => 'root',
flush => 'INCREMENTAL'
}auditd::ignore_failures: true
auditd::log_group: 'root'
auditd::flush: 'INCREMENTAL'SIMP Puppet modules are generally intended to be used on a Redhat Enterprise Linux-compatible distribution such as EL6 and EL7.
Please read our Contribution Guide
This module includes Beaker acceptance tests using the SIMP Beaker Helpers. By default the tests use Vagrant with VirtualBox as a back-end; Vagrant and VirtualBox must both be installed to run these tests without modification. To execute the tests run the following:
bundle exec rake beaker:suitesSome environment variables may be useful:
BEAKER_debug=true
BEAKER_provision=no
BEAKER_destroy=no
BEAKER_use_fixtures_dir_for_modules=yes
BEAKER_fips=yesBEAKER_debug: show the commands being run on the STU and their output.BEAKER_destroy=no: prevent the machine destruction after the tests finish so you can inspect the state.BEAKER_provision=no: prevent the machine from being recreated. This can save a lot of time while you're writing the tests.BEAKER_use_fixtures_dir_for_modules=yes: cause all module dependencies to be loaded from thespec/fixtures/modulesdirectory, based on the contents of.fixtures.yml. The contents of this directory are usually populated bybundle exec rake spec_prep. This can be used to run acceptance tests to run on isolated networks.BEAKER_fips=yes: enable FIPS-mode on the virtual instances. This can take a very long time, because it must enable FIPS in the kernel command-line, rebuild the initramfs, then reboot.
Please refer to the SIMP Beaker Helpers documentation for more information.