{"id":19402172,"url":"https://github.com/robertdebock/ansible-role-auditd","last_synced_at":"2026-03-17T15:33:38.085Z","repository":{"id":41655206,"uuid":"192550138","full_name":"robertdebock/ansible-role-auditd","owner":"robertdebock","description":"Install and configure auditd on your system.","archived":false,"fork":false,"pushed_at":"2024-09-12T13:12:37.000Z","size":220,"stargazers_count":14,"open_issues_count":10,"forks_count":16,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-09-13T01:12:16.531Z","etag":null,"topics":["ansible","auditd","molecule","monitoring","playbook","security","system","tox"],"latest_commit_sha":null,"homepage":"https://robertdebock.nl/","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/robertdebock.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"robertdebock"}},"created_at":"2019-06-18T13:53:52.000Z","updated_at":"2024-09-12T13:11:46.000Z","dependencies_parsed_at":"2023-02-15T07:01:40.825Z","dependency_job_id":"bfa7a6e3-9423-405d-b6ec-de2a0ab6c645","html_url":"https://github.com/robertdebock/ansible-role-auditd","commit_stats":null,"previous_names":[],"tags_count":63,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robertdebock%2Fansible-role-auditd","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robertdebock%2Fansible-role-auditd/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/reposi
tories/robertdebock%2Fansible-role-auditd/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robertdebock%2Fansible-role-auditd/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/robertdebock","download_url":"https://codeload.github.com/robertdebock/ansible-role-auditd/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223944659,"owners_count":17229490,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","auditd","molecule","monitoring","playbook","security","system","tox"],"created_at":"2024-11-10T11:22:25.348Z","updated_at":"2026-03-17T15:33:38.074Z","avatar_url":"https://github.com/robertdebock.png","language":"Jinja","funding_links":["https://github.com/sponsors/robertdebock"],"categories":[],"sub_categories":[],"readme":"# [Ansible role auditd](#ansible-role-auditd)\n\nInstall and configure auditd on your 
system.\n\n|GitHub|GitLab|Downloads|Version|\n|------|------|---------|-------|\n|[![github](https://github.com/robertdebock/ansible-role-auditd/workflows/Ansible%20Molecule/badge.svg)](https://github.com/robertdebock/ansible-role-auditd/actions)|[![gitlab](https://gitlab.com/robertdebock-iac/ansible-role-auditd/badges/master/pipeline.svg)](https://gitlab.com/robertdebock-iac/ansible-role-auditd)|[![downloads](https://img.shields.io/ansible/role/d/robertdebock/auditd)](https://galaxy.ansible.com/robertdebock/auditd)|[![Version](https://img.shields.io/github/release/robertdebock/ansible-role-auditd.svg)](https://github.com/robertdebock/ansible-role-auditd/releases/)|\n\n## [Example Playbook](#example-playbook)\n\nThis example is taken from [`molecule/default/converge.yml`](https://github.com/robertdebock/ansible-role-auditd/blob/master/molecule/default/converge.yml) and is tested on each push, pull request and release.\n\n```yaml\n---\n- name: Converge\n  hosts: all\n  become: true\n  gather_facts: true\n\n  roles:\n    - role: robertdebock.auditd\n      auditd_start_service: false\n      auditd_local_events: \"no\"\n      auditd_rules:\n        - file: /var/log/audit/\n          keyname: auditlog\n        - file: /etc/audit/\n          permissions:\n            - write\n            - attribute_change\n          keyname: auditconfig\n        - file: /etc/libaudit.conf\n          permissions:\n            - write\n            - attribute_change\n          keyname: auditconfig\n        - file: /etc/audisp/\n          permissions:\n            - write\n            - attribute_change\n          keyname: audispconfig\n        - file: /sbin/auditctl\n          permissions:\n            - execute\n          keyname: audittools\n        - file: /sbin/auditd\n          permissions:\n            - execute\n          keyname: audittools\n        - syscall: open\n          action: always\n          filter: exit\n          filters:\n            - auid!=4294967295\n            - 
auid!=unset\n          keyname: my_keyname\n          arch: b32\n        - syscall: adjtimex\n          action: always\n          filter: exit\n          keyname: time_change\n        - syscall: settimeofday\n          action: always\n          filter: exit\n          keyname: time_change\n        - action: always\n          filter: exit\n          filters:\n            - path=/bin/ping\n            - perm=x\n            - auid\u003e=500\n            - auid!=4294967295\n          keyname: privileged\n```\n\nThe machine needs to be prepared. In CI this is done using [`molecule/default/prepare.yml`](https://github.com/robertdebock/ansible-role-auditd/blob/master/molecule/default/prepare.yml):\n\n```yaml\n---\n- name: Prepare\n  hosts: all\n  become: true\n  gather_facts: false\n\n  roles:\n    - role: robertdebock.bootstrap\n```\n\nAlso see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles.\n\n## [Role Variables](#role-variables)\n\nThe default values for the variables are set in [`defaults/main.yml`](https://github.com/robertdebock/ansible-role-auditd/blob/master/defaults/main.yml):\n\n```yaml\n---\n# defaults file for auditd\n\n# Below variables are documented in the man page for auditd.conf\n# https://linux.die.net/man/5/auditd.conf\nauditd_buffer_size: 32768\nauditd_fail_mode: 1\nauditd_maximum_rate: 60\nauditd_enable_flag: 1\nauditd_local_events: \"yes\"\nauditd_write_logs: \"yes\"\nauditd_log_file: /var/log/audit/audit.log\nauditd_log_group: root\nauditd_log_format: RAW\nauditd_flush: incremental_async\nauditd_freq: 50\nauditd_max_log_file: 8\nauditd_num_logs: 5\nauditd_priority_boost: 4\nauditd_disp_qos: lossy\nauditd_dispatcher: /sbin/audispd\nauditd_name_format: none\nauditd_max_log_file_action: rotate\nauditd_space_left: \"75\"  # This can be a number ('25') or a percentage. 
('25%')\nauditd_space_left_action: syslog\nauditd_verify_email: \"yes\"\nauditd_action_mail_acct: root\nauditd_admin_space_left: 50\nauditd_admin_space_left_action: suspend\nauditd_disk_full_action: suspend\nauditd_disk_error_action: suspend\nauditd_use_libwrap: \"yes\"\nauditd_tcp_listen_queue: 5\nauditd_tcp_max_per_addr: 1\nauditd_tcp_client_max_idle: 0\nauditd_enable_krb5: \"no\"\nauditd_krb5_principal: auditd\nauditd_distribute_network: \"no\"\n\n# You can opt to manage the rules with this role or not.\n# Setting auditd_manage_rules to false will not manage the rules.\nauditd_manage_rules: true\n\n# Some rules require a specific architecture to be set.\nauditd_default_arch: b64\n\n\n# You can opt to start the auditd service or not.\n# Mostly useful in CI, to avoid starting the service.\nauditd_start_service: true\n```\n\n## [Requirements](#requirements)\n\n- pip packages listed in [requirements.txt](https://github.com/robertdebock/ansible-role-auditd/blob/master/requirements.txt).\n\n## [State of used roles](#state-of-used-roles)\n\nThe following roles are used to prepare a system. You can prepare your system in another way.\n\n| Requirement | GitHub | GitLab |\n|-------------|--------|--------|\n|[robertdebock.bootstrap](https://galaxy.ansible.com/robertdebock/bootstrap)|[![Build Status GitHub](https://github.com/robertdebock/ansible-role-bootstrap/workflows/Ansible%20Molecule/badge.svg)](https://github.com/robertdebock/ansible-role-bootstrap/actions)|[![Build Status GitLab](https://gitlab.com/robertdebock-iac/ansible-role-bootstrap/badges/master/pipeline.svg)](https://gitlab.com/robertdebock-iac/ansible-role-bootstrap)|\n\n## [Context](#context)\n\nThis role is part of many compatible roles. 
Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information.\n\nHere is an overview of related roles:\n![dependencies](https://raw.githubusercontent.com/robertdebock/ansible-role-auditd/png/requirements.png \"Dependencies\")\n\n## [Compatibility](#compatibility)\n\nThis role has been tested on these [container images](https://hub.docker.com/u/robertdebock):\n\n|container|tags|\n|---------|----|\n|[Debian](https://hub.docker.com/r/robertdebock/debian)|bullseye, bookworm, trixie|\n|[EL](https://hub.docker.com/r/robertdebock/enterpriselinux)|9|\n|[Fedora](https://hub.docker.com/r/robertdebock/fedora)|all|\n|[Ubuntu](https://hub.docker.com/r/robertdebock/ubuntu)|jammy, noble|\n\nThe minimum version of Ansible required is 2.12, tests have been done on:\n\n- The previous version.\n- The current version.\n- The development version.\n\nIf you find issues, please register them on [GitHub](https://github.com/robertdebock/ansible-role-auditd/issues).\n\n## [License](#license)\n\n[Apache-2.0](https://github.com/robertdebock/ansible-role-auditd/blob/master/LICENSE).\n\n## [Author Information](#author-information)\n\n[robertdebock](https://robertdebock.nl/)\n\nPlease consider [sponsoring me](https://github.com/sponsors/robertdebock).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frobertdebock%2Fansible-role-auditd","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frobertdebock%2Fansible-role-auditd","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frobertdebock%2Fansible-role-auditd/lists"}