Puppet Class: auditd::service

Defined in:
manifests/service.pp

Summary

Ensure that the auditd service is running

Overview

NOTE: THIS IS A [PRIVATE](github.com/puppetlabs/puppetlabs-stdlib#assert_private) CLASS

Parameters:

  • ensure (Variant[String[1],Boolean]) (defaults to: pick(getvar('auditd::enable'), 'running'))

    "ensure" state from the service resource

  • enable (Boolean) (defaults to: pick(getvar('auditd::enable'), true))

    "enable" state from the service resource

  • bypass_kernel_check (Boolean) (defaults to: false)

    Do not check to see if the kernel is enforcing auditing before trying to manage the service.

    • This may be required if auditing is not being actively managed in the kernel and someone has stopped the auditd service by hand.

  • warn_if_reboot_required (Boolean) (defaults to: true)

    Add a "reboot_notify" warning if the system requires a reboot before the service can be managed.

Author:



# File 'manifests/service.pp', line 24

class auditd::service (
  Variant[String[1],Boolean] $ensure                  = pick(getvar('auditd::enable'), 'running'),
  Boolean                    $enable                  = pick(getvar('auditd::enable'), true),
  Boolean                    $bypass_kernel_check     = false,
  Boolean                    $warn_if_reboot_required = true
){
  assert_private()

  if $bypass_kernel_check or $facts.dig('simplib__auditd', 'kernel_enforcing') {
    # CCE-27058-7
    service { $auditd::service_name:
      ensure  => $ensure,
      enable  => $enable,
      start   => "/sbin/service ${auditd::service_name} start",
      stop    => "/sbin/service ${auditd::service_name} stop",
      restart => "/sbin/service ${auditd::service_name} restart"
    }
  }
  elsif $warn_if_reboot_required {
    reboot_notify { "${auditd::service_name} service":
      reason =>  "The ${auditd::service_name} service cannot be started when the kernel is not enforcing auditing"
    }
  }
}
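
The following added example (not code from this module) predicts which branch of the class above a node will take, based on `auditctl -s` output. It assumes that the `kernel_enforcing` fact corresponds to a non-zero kernel `enabled` value; the function names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: predict which branch of auditd::service a node will take.
# Assumption: kernel_enforcing corresponds to a non-zero "enabled" value
# in `auditctl -s`. Function names here are hypothetical.

# Read `auditctl -s` output on stdin and print the kernel "enabled" value.
# Handles "enabled 1" (one field per line) and the older single-line
# "AUDIT_STATUS: enabled=1 flag=1 ..." format; prints "unknown" otherwise.
audit_enabled_value() {
  tr ' ' '\n' | awk '
    prev == "enabled" && /^[0-9]+$/ { print; found = 1; exit }
    /^enabled=[0-9]+$/ { sub(/^enabled=/, ""); print; found = 1; exit }
    { prev = $0 }
    END { if (!found) print "unknown" }'
}

# $1 = bypass_kernel_check, $2 = warn_if_reboot_required (true/false).
# Prints: manage | reboot_notify | none
predict_branch() {
  enabled=$(audit_enabled_value)
  if [ "$1" = "true" ]; then echo manage; return 0; fi
  case "$enabled" in
    # An unreadable state is treated like an undef fact, which is falsy.
    unknown|0) if [ "$2" = "true" ]; then echo reboot_notify; else echo none; fi ;;
    *) echo manage ;;   # 1 = enabled, 2 = enabled and locked
  esac
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_NEW='enabled 0
failure 1
pid 0
rate_limit 0'
SAMPLE_OLD='AUDIT_STATUS: enabled=1 flag=1 pid=812 rate_limit=0 backlog_limit=8192'

printf '%s\n' "$SAMPLE_NEW" | predict_branch false true   # reboot_notify
printf '%s\n' "$SAMPLE_OLD" | predict_branch false true   # manage
# On a real host: auditctl -s | predict_branch false true
```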