Puppet Class: cis_security_hardening::rules::auditd_init

Defined in:
manifests/rules/auditd_init.pp

Summary

Initialize auditd rules file

Overview

Write the initial rules (header) for auditd

Examples:

class { 'cis_security_hardening::rules::auditd_init':
    enforce => true,
    buffer_size => 8192,
}

Parameters:

  • enforce (Boolean) (defaults to: false)

    Enforce the rule

  • buffer_size (Integer) (defaults to: 8192)

    Buffer size value written to the rules file header.

  • rules_file (Stdlib::Absolutepath) (defaults to: '/etc/audit/rules.d/cis_security_hardening.rules')

    File to write the rules into.

  • auto_reboot (Boolean) (defaults to: true)

    Trigger a reboot if this rule creates a change. Defaults to true.



# File 'manifests/rules/auditd_init.pp', line 25

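class cis_security_hardening::rules::auditd_init (
  Boolean $enforce                 = false,
  Integer $buffer_size             = 8192,
  Stdlib::Absolutepath $rules_file = '/etc/audit/rules.d/cis_security_hardening.rules',
  Boolean $auto_reboot             = true,
) {
  if $enforce {
    # Any change to the rules file reloads auditd; with $auto_reboot the
    # reboot class is notified as well.
    $notify = $auto_reboot ? {
      true  => [Exec['reload auditd rules'], Class['cis_security_hardening::reboot']],
      false => Exec['reload auditd rules'],
    }

    # NOTE(review): audit 3.x reads plugins from /etc/audit/plugins.d;
    # confirm /etc/audisp is still the right location on the supported
    # platforms.
    file { '/etc/audisp':
      ensure => directory,
      owner  => 'root',
      group  => 'root',
      mode   => '0755',
    }

    # ensure_resource instead of a plain file resource, presumably so that
    # another class declaring the same directory does not cause a
    # duplicate-declaration error.
    ensure_resource('file', '/etc/audisp/plugins.d', {
        ensure => directory,
        owner  => 'root',
        group  => 'root',
        mode   => '0750',
    })

    # The rules file is assembled from concat fragments; this class only
    # writes the header, other rule classes are expected to add fragments
    # with a later order to the same target.
    concat { $rules_file:
      ensure         => present,
      owner          => 'root',
      group          => 'root',
      mode           => '0640',
      ensure_newline => true,
      notify         => $notify,
    }

    # Header, ordered before every other fragment: '-D' deletes the loaded
    # rules so the file rebuilds the rule set from scratch ...
    concat::fragment { 'auditd init delete rules':
      order   => '01',
      target  => $rules_file,
      content => '-D',
    }

    # ... and '-b' sets the kernel audit buffer size.
    concat::fragment { 'auditd init set buffer':
      order   => '02',
      target  => $rules_file,
      content => "-b ${buffer_size}",
    }
  }

  # Declared outside the enforce branch (presumably so other classes can
  # notify it regardless of this rule's enforce setting); refreshonly means
  # it runs only when notified. shellquote() keeps a $rules_file that
  # contains whitespace or shell metacharacters from being split into
  # extra arguments; for ordinary paths the command string is unchanged.
  # NOTE(review): 'auditctl -R' loads only this file; on hosts that use
  # augenrules the other rules.d files are not reloaded here - confirm.
  exec { 'reload auditd rules':
    refreshonly => true,
    command     => shellquote('auditctl', '-R', $rules_file), #lint:ignore:security_class_or_define_parameter_in_exec
    path        => ['/sbin', '/usr/sbin', '/bin', '/usr/bin'],
  }
}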