Puppet Class: cis_security_hardening::rules::auditd_process

Defined in:
manifests/rules/auditd_process.pp

Summary

Ensure auditing for processes that start prior to auditd is enabled

Overview

Configure grub so that processes that are capable of being audited can be audited even if they start up prior to auditd startup.

Rationale: Audit events need to be captured on processes that start up prior to auditd, so that potential malicious activity cannot go undetected.

Examples:

class { 'cis_security_hardening::rules::sec_auditd_process':
          enforce => true,
}
include cis_security_hardening::rules::auditd_process

Parameters:

  • enforce (Boolean) (defaults to: false)

    Sets rule enforcement. If set to true, code will be exeuted to bring the system into a comliant state.



23
24
25
26
27
28
29
30
31
32
 
# File 'manifests/rules/auditd_process.pp', line 23

class cis_security_hardening::rules::auditd_process (
  Boolean $enforce = false,
) {
  if $enforce {
    kernel_parameter { 'audit':
      ensure => present,
      value  => '1',
    }
  }
}