cookbook 'auditd', '= 0.2.0'
auditd (16) Versions 0.2.0 Follow14
Installs/Configures auditd
cookbook 'auditd', '= 0.2.0', :supermarket
knife supermarket install auditd
knife supermarket download auditd
auditd Cookbook
A simple cookbook to install auditd and provided rulesets. Rulesets
included in the OS auditd/audit package as examples are based on 4
established standards:
- Controlled Access Protection Profile (CAPP)
- Labeled Security Protection Profile (LSPP)
- National Industrial Security Program Operating Manual (NISPOM)
- Security Technical Implementation Guides
The OS package provides the client side tools for working with the
linux kernel audit framework.
Requirements
Linux : any distribution in theory, but only Ubuntu and RHEL 6 have been tested.
Attributes
- node['auditd']['ruleset'] - ruleset to use, either "default" (the default if unset) or one of the provided examples
- node['auditd']['backlog'] - backlog size, default is 320 should be larger for busy systems
Usage
If you're using one of the default rulesets set the correct attribute
based on the ruleset desired, one of:
- "capp" : Controlled Access Protection Profile
- "lspp" : Labeled Security Protection Profile
- "nispom" : National Industrial Security Program Operating Manual (NISPOM)
- "stig" : Security Technical Implementation Guides
- "cis" : Center for Internet Security auditd recommendations
And include recipe[auditd::rules]
in your run list. You can also set
the attribute node['auditd']['ruleset']
to the name of a custom rule
template to be used instead of one of the default rules.
If you are using the recipe from a wrapper cookbook, include the
default recipe recipe[auditd]
to setup the service and use the
auditd_ruleset
resource to place your rule template of choice.
If you are not satisfied with any of the provided templates, you can
specify the cookbook
attribute in auditd_ruleset
to use your own
set of rules. In this case, do not include recipe[auditd::rules]
.
Use the auditd::remove
recipe to uninstall auditd.
TODO
Ideally the auditd_ruleset resource could make use of a data bag
search to build the data driven ruleset
Make builtins an array attribute to allow user updates without
cookbook release.
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
CHANGELOG for auditd
This file is used to list changes made in each version of auditd.
0.2.0 (2016-08-11)
- Add uninstall/remove support
- Update docs with testing and contributing process
- Use Berkshelf not Librarian for dependency management
- Add a travis config
- Add a license file
- Update the testing to use Rake and remove test deps from the Gemfile. We assume you're in ChefDK now
- Update the cookbook owner and add chef_version metadata
- Use the new notification syntax in templates
- Cookstyle fixes to the code
- Remove the utf encoding comments. There's no need for this
- Remove Chef 10 compatibility
0.1.8:
- add coc and contributing documents
- update gitignore list for some chef related files
- update supermarket uri
- use correct restart command when under systemd on rhel
- better rule definition support for rhel systems that no longer ship with examples
- add test suite for capp rules
0.1.2:
- excluded non-default rulesets for RedHat; they use a version-specific path that I can't find any easy way to determine programatically
0.1.1:
- added RedHat support
0.1.0:
- Initial release of auditd
Collaborator Number Metric
0.2.0 passed this metric
Foodcritic Metric
0.2.0 failed this metric
FC017: LWRP does not notify when updated: /tmp/c0c764fef124c59f2e492eb1/auditd/providers/builtins.rb:22
FC017: LWRP does not notify when updated: /tmp/c0c764fef124c59f2e492eb1/auditd/providers/ruleset.rb:21
FC059: LWRP provider does not declare use_inline_resources: /tmp/c0c764fef124c59f2e492eb1/auditd/providers/builtins.rb:1
FC059: LWRP provider does not declare use_inline_resources: /tmp/c0c764fef124c59f2e492eb1/auditd/providers/ruleset.rb:1
0.2.0 passed this metric
0.2.0 failed this metric
FC017: LWRP does not notify when updated: /tmp/c0c764fef124c59f2e492eb1/auditd/providers/builtins.rb:22
FC017: LWRP does not notify when updated: /tmp/c0c764fef124c59f2e492eb1/auditd/providers/ruleset.rb:21
FC059: LWRP provider does not declare use_inline_resources: /tmp/c0c764fef124c59f2e492eb1/auditd/providers/builtins.rb:1
FC059: LWRP provider does not declare use_inline_resources: /tmp/c0c764fef124c59f2e492eb1/auditd/providers/ruleset.rb:1