Puppet Class: cis_security_hardening::auditd_cron
- Defined in:
- manifests/auditd_cron.pp
Summary
Create a cron job to search privileged commands for auditd
Overview
Auditd rules can monitor privileged command use. As filesystems can be huge and searching for the relevant commands can be time-consuming, this cron job will create a custom fact to provide the auditd rule with appropriate input.
# File 'manifests/auditd_cron.pp', line 25
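# Manages the cron.d entry and the scan script used to collect privileged
# commands for auditd rules.
#
# @param ensure
#   'present' manages the cron.d entry and the script as files, 'absent'
#   removes both.
# @param dirs_to_include
#   Directories passed to the scan-script template. With 'present' and an
#   empty list nothing is managed by this class.
#   NOTE(review): the elements are untyped and end up in a root-owned script;
#   confirm the template quotes them, or restrict the data source to absolute
#   paths.
# @param start_time_minute
#   Minute passed to the cron template (0-59).
# @param start_time_hour
#   Hour passed to the cron template (0-23).
# @param cron_repeat
#   Repeat value passed to the cron template; its exact meaning is defined by
#   the template, which is not part of this file.
# @param output_file
#   Absolute path passed to the scan-script template as its output file.
# @param script
#   Absolute path where the scan script is written; also passed to the cron
#   template.
class cis_security_hardening::auditd_cron (
  Enum['present', 'absent'] $ensure            = 'present',
  Array                     $dirs_to_include   = ['/usr'],
  # Bounded so that an out-of-range value fails at catalog compilation
  # instead of being rendered into the cron.d entry.
  Integer[0, 59]            $start_time_minute = 37,
  Integer[0, 23]            $start_time_hour   = 3,
  Enum['0','2','4','6','8'] $cron_repeat       = '0',
  Stdlib::Absolutepath      $output_file       = '/usr/share/cis_security_hardening/data/auditd_priv_cmds.txt',
  Stdlib::Absolutepath      $script            = '/usr/share/cis_security_hardening/bin/auditd_priv_cmds.sh',
) {
  # Removal is honoured even when the directory list is empty, so that
  # ensure => 'absent' never leaves the cron entry and script behind.
  # With ensure => 'present' an empty list still means "manage nothing".
  if $ensure == 'absent' or ! empty($dirs_to_include) {
    # Always remove the '.cron'-suffixed file; presumably an older name of
    # this job - confirm against the module history.
    file { '/etc/cron.d/auditd_priv_commands.cron':
      ensure => absent,
    }

    # cron.d entry, rendered from the module's cron template.
    file { '/etc/cron.d/auditd_priv_commands':
      ensure  => stdlib::ensure($ensure, file),
      content => epp("${module_name}/auditd_priv_cmds.cron.epp",
        {
          minute      => $start_time_minute,
          hour        => $start_time_hour,
          cron_repeat => $cron_repeat,
          script      => $script,
        },
      ),
      owner   => 'root',
      group   => 'root',
      mode    => '0644',
    }

    # Scan script: owned by root, no access for group or others (0700).
    file { $script:
      ensure  => stdlib::ensure($ensure, file),
      content => epp("${module_name}/auditd_priv_cmds.epp",
        {
          output_file     => $output_file,
          dirs_to_include => $dirs_to_include,
        },
      ),
      owner   => 'root',
      group   => 'root',
      mode    => '0700',
    }
  }
}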