{"id":15509525,"url":"https://github.com/gibbs/puppet-auditd","last_synced_at":"2025-04-23T02:32:42.221Z","repository":{"id":41965330,"uuid":"466445903","full_name":"gibbs/puppet-auditd","owner":"gibbs","description":"Puppet auditd module","archived":false,"fork":false,"pushed_at":"2025-04-19T15:07:08.000Z","size":97,"stargazers_count":3,"open_issues_count":2,"forks_count":5,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-19T18:47:59.214Z","etag":null,"topics":["auditd","puppet","puppet-module"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gibbs.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-03-05T12:24:26.000Z","updated_at":"2024-11-28T18:34:38.000Z","dependencies_parsed_at":"2024-01-20T18:44:13.611Z","dependency_job_id":"9d52a172-637b-4658-9308-d1735956a794","html_url":"https://github.com/gibbs/puppet-auditd","commit_stats":{"total_commits":55,"total_committers":4,"mean_commits":13.75,"dds":"0.18181818181818177","last_synced_commit":"53ad2ab7e6deb30090034384e7dbdaeed08a25f6"},"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gibbs%2Fpuppet-auditd","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gibbs%2Fpuppet-auditd/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gibbs%2Fpuppet-auditd/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/reposito
ries/gibbs%2Fpuppet-auditd/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gibbs","download_url":"https://codeload.github.com/gibbs/puppet-auditd/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250357794,"owners_count":21417357,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auditd","puppet","puppet-module"],"created_at":"2024-10-02T09:43:05.123Z","updated_at":"2025-04-23T02:32:42.197Z","avatar_url":"https://github.com/gibbs.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# auditd\n\n[![Build Status](https://github.com/gibbs/puppet-auditd/workflows/CI/badge.svg)](https://github.com/gibbs/puppet-auditd/actions?query=workflow%3ACI)\n[![Release](https://github.com/gibbs/puppet-auditd/workflows/Release/badge.svg)](https://github.com/gibbs/puppet-auditd/actions?query=workflow%3ARelease)\n[![Puppet Forge](https://img.shields.io/puppetforge/v/genv/auditd.svg?maxAge=2592000?style=plastic)](https://forge.puppet.com/genv/auditd)\n[![Apache-2 License](https://img.shields.io/github/license/gibbs/puppet-auditd.svg)](LICENSE)\n\n## Overview\n\nThis module installs, configures and manages the Linux Audit daemon (auditd)\nand optionally the dispatcher (audisp) for older auditd versions.\n\nNo default rules are provided. 
See the Reference file for all options.\n\n- [Usage](#usage)\n- [Configuration](#configuration)\n- [Rules](#rules)\n- [Plugins](#plugins)\n- [Dispatcher](#dispatcher)\n- [Limitations](#limitations)\n\n## Usage\n\nIncluding `auditd` and using the defaults will:\n\n- Install the audit daemon package\n- Configure and manage `/etc/audit/auditd.conf` with most default settings\n- Replace all `suspend/halt` settings with `rotate/syslog` to prevent unexpected\navailability issues\n- Manage `/etc/audit/rules.d/audit.rules`\n- Enable and manage the `auditd` service\n\n```puppet\ninclude auditd\n```\n\n## Configuration\n\nThe `auditd::config` parameter is used to configure the `auditd.conf` file:\n\n- By default actions use `rotate/syslog` instead of `suspend/halt`\n- Key names are based on documented settings in `man auditd.conf`\n\n## Rules\n\nThe `auditd::rule` define is used to create and manage auditd rules.\n\n```puppet\nauditd::rule { 'insmod':\n  content =\u003e '-w /sbin/insmod -p x -k modules',\n  order   =\u003e 10,\n}\n\nauditd::rule { '-w /var/run/utmp -p wa -k session': }\n```\n\nA hash can also be passed to the main `auditd` class with the `rules` parameter:\n\n```puppet\nclass { 'auditd':\n  rules =\u003e {\n    insmod =\u003e {\n      content =\u003e '-w /sbin/insmod -p x -k modules',\n      order   =\u003e 10,\n    },\n    sudoers_changes =\u003e {\n      content =\u003e '-w /etc/sudoers -p wa -k scope',\n      order   =\u003e 50,\n    },\n  },\n}\n```\n\nWith Hiera:\n\n```yaml\nauditd::rules:\n  insmod:\n    content: -w /sbin/insmod -p x -k modules\n    order: 10\n  sudoers_changes:\n    content: -w /etc/sudoers -p wa -k scope\n    order: 50\n```\n\n## Plugins\n\nThe `auditd::plugin` define is used to create and manage auditd plugin files.\n\n```puppet\nauditd::plugin { 'clickhouse':\n  active    =\u003e 'yes',\n  direction =\u003e 'out',\n  path      =\u003e '/usr/libexec/auditd-plugin-clickhouse',\n  type      =\u003e 'always',\n  args      =\u003e 
'/etc/audit/auditd-clickhouse.conf',\n  format    =\u003e 'string',\n}\n```\n\nA hash can also be passed to the main `auditd` class with the `plugins` parameter:\n\n```puppet\nclass { 'auditd':\n  plugins =\u003e {\n    auoms =\u003e {\n      active    =\u003e 'no',\n      direction =\u003e 'out',\n      path      =\u003e '/opt/microsoft/auoms/bin/auomscollect',\n    },\n  },\n}\n```\n\nWith Hiera:\n\n```yaml\nauditd::plugins:\n  clickhouse:\n    active: 'yes'\n    direction: 'out'\n    path: /usr/libexec/auditd-plugin-clickhouse\n    args: /etc/audit/auditd-clickhouse.conf\n```\n\n## Dispatcher\n\nThe `auditd::audisp` class can be used to manage the dispatcher *for version 2*.\nUsing this class on more recent auditd versions (v3) is not necessary and is\nequivalent to:\n\n```puppet\npackage { 'audispd-plugins':\n  ensure =\u003e 'installed',\n}\n```\n\nIn v3 `audisp` settings can be part of `auditd::config`. For v2 use\n`auditd::audisp`:\n\n```puppet\nclass { 'auditd::audisp':\n  config =\u003e {\n    q_depth     =\u003e 250,\n    name_format =\u003e 'hostname',\n  },\n}\n```\n\n```yaml\nauditd::audisp::config:\n  q_depth: 250\n  overflow_action: syslog\n  priority_boost: 4\n  max_restarts: 10\n  name_format: hostname\n  plugin_dir: /etc/audisp/plugins.d/\n```\n\n### audisp plugins\n\nThe `auditd::plugin` define can be used to manage audisp plugins by setting\n`plugin_type` to `audisp`:\n\n```puppet\nauditd::plugin { 'syslog':\n  active      =\u003e 'yes',\n  direction   =\u003e 'out',\n  path        =\u003e '/sbin/audisp-syslog',\n  type        =\u003e 'always',\n  args        =\u003e 'LOG_INFO',\n  format      =\u003e 'string',\n  plugin_type =\u003e 'audisp',\n}\n```\n\n## Limitations\n\nThe `RefuseManualStop` systemd unit option has been set to `no` to allow for\neasier upgrades and management. 
See [auditd.service and RefuseManualStop](https://lists.freedesktop.org/archives/systemd-devel/2014-April/018608.html)\nfor a discussion on this subject.\n\nConfiguration files distributed via `audispd-plugins` are not currently managed.\n\nThis package has been tested primarily on Debian family distributions.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgibbs%2Fpuppet-auditd","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgibbs%2Fpuppet-auditd","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgibbs%2Fpuppet-auditd/lists"}