diff --git a/manifests/init.pp b/manifests/init.pp index 32e2e46..8c82301 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -32,6 +32,15 @@ ensure => 'installed', } + file { '/etc/audit/auditd.conf': + ensure => 'present', + owner => 'root', + group => 'root', + mode => '0640', + content => template("${module_name}/auditconf.erb"), + require => Package[$audit::params::pkg_audit], + } + service { 'auditd': ensure => 'running', enable => true, diff --git a/manifests/params.pp b/manifests/params.pp index 5676b10..6af6d3e 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -79,7 +79,7 @@ $sysconfig=true $audispd_package=undef - + case $::operatingsystem { 'SLES': diff --git a/templates/auditdconf.erb b/templates/auditdconf.erb index e888156..663482c 100644 --- a/templates/auditdconf.erb +++ b/templates/auditdconf.erb @@ -1,31 +1,33 @@ -# this file is not currently used # # puppet managed file # -# # This file controls the configuration of the audit daemon # +local_events = yes +write_logs = yes log_file = /var/log/audit/audit.log -log_format = RAW log_group = root -priority_boost = 4 -flush = INCREMENTAL -freq = 20 +log_format = RAW +flush = INCREMENTAL_ASYNC +freq = 50 +max_log_file = 8 num_logs = 5 +priority_boost = 4 disp_qos = lossy dispatcher = /sbin/audispd name_format = NONE ##name = mydomain -max_log_file = 6 max_log_file_action = ROTATE space_left = 75 space_left_action = SYSLOG +verify_email = yes action_mail_acct = root admin_space_left = 50 admin_space_left_action = SUSPEND disk_full_action = SUSPEND disk_error_action = SUSPEND +use_libwrap = yes <% defined?(@tcp_listen_port) -%> tcp_listen_port = <%= @tcp_listen_port %> <% else -%> @@ -38,3 +40,4 @@ tcp_client_max_idle = 0 enable_krb5 = no krb5_principal = auditd ##krb5_key_file = /etc/audit/audit.key +distribute_network = no