Puppet Class: aide

Defined in:
manifests/init.pp

Summary

This class manages the installation and configuration of the Advanced Intrusion Detection Environment (AIDE).

Overview

Copyright © 2022 The Trustees of Indiana University
SPDX-License-Identifier: BSD-3-Clause

exclude_config_argument (default: false): Exclude the ‘--config $conf_path’ argument from the cron job. This is helpful if you have 3rd party hardening scripts that are causing false negatives for AIDE runs.

Examples:

include aide
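
A declaration that overrides the schedule and reporting parameters documented below (added example, not part of the module's own documentation). It assumes the module's Hiera data supplies every parameter that has no default in the class signature; the profile class name and the mail address are placeholders.

```puppet
# Added example: hypothetical profile class, not shipped with the module.
class profile::aide_baseline {
  class { 'aide':
    # Run the scheduled check daily at 03:30 instead of the default 00:00.
    hour                    => '3',
    minute                  => '30',

    # Mail the check results, but only when AIDE reports changes, and cap
    # the mail body. With mail_only_on_changes a quiet mailbox does not
    # show that the job ran, so keep aide_log and syslog output collected.
    mailto                  => 'secops@example.com', # placeholder address
    mail_only_on_changes    => true,
    max_mail_lines          => 200,
    syslogout               => true,

    # Give 'aide --init' more than Puppet's default exec timeout of 300
    # on hosts with large file systems.
    init_timeout            => 1800,

    # Keep passing '--config $conf_path' so the scheduled check reads the
    # configuration file this module manages.
    exclude_config_argument => false,
  }
}
```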

Parameters:

  • package (String)

    AIDE package name. Default is set to aide.

  • version (String)

    AIDE version for installation passed to Package ensure. Default is set to latest.

  • conf_path (String)

    Location of AIDE configuration file.

  • db_path (String)

    Location of AIDE database file.

  • db_temp_path (String)

    Location of update AIDE database file.

  • gzip_dbout (Boolean)

    Gzip the AIDE database file (may affect performance). Default is set to not gzip the database file.

  • config_template (String)

    Template to use for aide configuration.

  • aide_log (String)

    AIDE check output log.

  • syslogout (Boolean)

    Enables logging to the system logging service AUTH facility and ‘/var/log/messages’.

  • hour (Cron::Hour) (defaults to: '0')

    Hour of cron job to run.

  • minute (Cron::Minute) (defaults to: '0')

    Minute of cron job to run.

  • date (Cron::Date) (defaults to: '*')

    Date of cron job to run.

  • month (Cron::Month) (defaults to: '*')

    Month of cron job to run.

  • weekday (Cron::Weekday) (defaults to: '*')

    Day of week of cron job to run.

  • exclude_config_argument (Boolean) (defaults to: false)

  • nocheck (Boolean)

    Whether to enable or disable scheduled checks.

  • mailto (Optional[String])

    Set this value to email the results of ‘aide --check’ from the cron job.

  • mail_only_on_changes (Boolean)

    If mail_only_on_changes is set to true, mails are only sent if changes are detected by AIDE. By default this flag is set to false.

  • max_mail_lines (Optional[Integer[1]])

    Undef by default. If set, mail output is capped to the first max_mail_lines number of lines (to prevent too large mail bodies).

  • init_timeout (Integer)

    Adjusts the timeout of the “aide --init” run. The Puppet default exec timeout of 300 is kept as the default here, but it may be insufficient for more complex AIDE databases.

  • report_ignore_e2fsattrs (Optional[String])

    List (no delimiter) of ext2 file attributes which are to be ignored in the final report. See chattr(1) for the available attributes. Use ‘0’ to not ignore any attribute. Ignored attributes are represented by a ‘:’ in the output. The default is to not ignore any ext2 file attribute.

  • cat_path (String)

    Path to the system cat command.

  • rm_path (String)

    Path to the system rm command.

  • head_path (String)

    Path to the system head command.

  • aide_path (String)

    Path to the aide command.

  • mail_path (String)

    Path to the mail command.



# File 'manifests/init.pp', line 90

class aide (
  String $package,
  String $version,
  String $conf_path,
  String $db_path,
  String $db_temp_path,
  Boolean $gzip_dbout,
  String $aide_path,
  String $mail_path,
  String $config_template,
  Optional[String] $report_ignore_e2fsattrs,
  String $aide_log,
  Boolean $syslogout,
  Boolean $nocheck,
  Optional[String] $mailto,
  Boolean $mail_only_on_changes,
  Optional[Integer[1]] $max_mail_lines,
  Integer $init_timeout,
  String $cat_path,
  String $rm_path,
  String $head_path,
  Cron::Minute        $minute      = '0',
  Cron::Hour          $hour        = '0',
  Cron::Date          $date        = '*',
  Cron::Month         $month       = '*',
  Cron::Weekday       $weekday     = '*',
  Boolean $exclude_config_argument = false,
) {
  # Used to throttle I/O and CPU load of AIDE.
  package { 'util-linux':
    ensure => 'present',
  }

  package { $package:
    ensure => $version,
  }

  -> class { 'aide::cron':
    aide_path               => $aide_path,
    cat_path                => $cat_path,
    rm_path                 => $rm_path,
    head_path               => $head_path,
    mail_path               => $mail_path,
    minute                  => $minute,
    hour                    => $hour,
    date                    => $date,
    month                   => $month,
    weekday                 => $weekday,
    exclude_config_argument => $exclude_config_argument,
    nocheck                 => $nocheck,
    mailto                  => $mailto,
    mail_only_on_changes    => $mail_only_on_changes,
    max_mail_lines          => $max_mail_lines,
    conf_path               => $conf_path,
    require                 => Package[$package],
  }

  -> class { 'aide::config':
    conf_path               => $conf_path,
    db_path                 => $db_path,
    db_temp_path            => $db_temp_path,
    gzip_dbout              => $gzip_dbout,
    aide_log                => $aide_log,
    syslogout               => $syslogout,
    report_ignore_e2fsattrs => $report_ignore_e2fsattrs,
    config_template         => $config_template,
    require                 => Package[$package],
  }

  ~> class { 'aide::firstrun':
    aide_path    => $aide_path,
    conf_path    => $conf_path,
    db_temp_path => $db_temp_path,
    db_path      => $db_path,
    init_timeout => $init_timeout,
    require      => Package[$package],
  }
}