auditdconf

manifests/init.pp

@@ -32,6 +32,15 @@
     ensure => 'installed',
   }
 
+  file { '/etc/audit/auditd.conf':
+    ensure  => 'present',
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0640',
+    content => template("${module_name}/auditconf.erb"),
+    require => Package[$audit::params::pkg_audit],
+  }
+
   service { 'auditd':
     ensure    => 'running',
     enable    => true,

manifests/params.pp

@@ -79,7 +79,7 @@
       $sysconfig=true
 
       $audispd_package=undef
-      
+
       case $::operatingsystem
       {
         'SLES':

templates/auditdconf.erb

@@ -1,31 +1,33 @@
-# this file is not currently used
 #
 # puppet managed file
 #
-#
 # This file controls the configuration of the audit daemon
 #
 
+local_events = yes
+write_logs = yes
 log_file = /var/log/audit/audit.log
-log_format = RAW
 log_group = root
-priority_boost = 4
-flush = INCREMENTAL
-freq = 20
+log_format = RAW
+flush = INCREMENTAL_ASYNC
+freq = 50
+max_log_file = 8
 num_logs = 5
+priority_boost = 4
 disp_qos = lossy
 dispatcher = /sbin/audispd
 name_format = NONE
 ##name = mydomain
-max_log_file = 6
 max_log_file_action = ROTATE
 space_left = 75
 space_left_action = SYSLOG
+verify_email = yes
 action_mail_acct = root
 admin_space_left = 50
 admin_space_left_action = SUSPEND
 disk_full_action = SUSPEND
 disk_error_action = SUSPEND
+use_libwrap = yes
 <% defined?(@tcp_listen_port) -%>
 tcp_listen_port = <%= @tcp_listen_port %>
 <% else -%>
@@ -38,3 +40,4 @@ tcp_client_max_idle = 0
 enable_krb5 = no
 krb5_principal = auditd
 ##krb5_key_file = /etc/audit/audit.key
+distribute_network = no