Puppet Class: cis_security_hardening::rules::rsyslog_logging

Defined in:
manifests/rules/rsyslog_logging.pp

Summary

Ensure logging is configured

Overview

The /etc/rsyslog.conf and /etc/rsyslog.d/*.conf files specify rules for logging and which files are to be used to log certain classes of messages.

Rationale: A great deal of important security-related information is sent via rsyslog (e.g., successful and failed su attempts, failed login attempts, root login attempts, etc.).

Examples:

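class { 'cis_security_hardening::rules::rsyslog_logging':
  enforce    => true,
  log_config => {
    # The key becomes the file name /etc/rsyslog.d/<key>.conf;
    # 'src' is the rsyslog selector and 'dst' the action.
    'emerg' => {
      'src' => '*.emerg',
      'dst' => ':omusrmsg:*',
    },
  },
}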

Parameters:

  • enforce (Boolean) (defaults to: false)

    Enforce the rule

  • log_config (Hash) (defaults to: {})

    Logfiles to configure



# File 'manifests/rules/rsyslog_logging.pp', line 26

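class cis_security_hardening::rules::rsyslog_logging (
  Boolean $enforce = false,
  Hash $log_config = {},
) {
  # Nothing is managed unless enforcement is switched on.
  if $enforce {
    # Each entry: key = drop-in file name, value = hash with 'src' and 'dst'.
    $log_config.each | $config, $data | {
      $src = $data['src']
      $dst = $data['dst']
      # Package['rsyslog'] and Exec['reload-rsyslog'] are referenced here
      # but declared outside this class.
      file { "/etc/rsyslog.d/${config}.conf":
        ensure  => file,
        content => "${src} ${dst}",
        notify  => Exec['reload-rsyslog'],
        require => Package['rsyslog'],
      }
    }
  }
}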
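
An added example, not part of the module: a Python pre-check for the log_config shape that the class body above consumes, plus an audit that compares the drop-in files in a directory with the "<src> <dst>" content the class would render. The function names, the restriction on key characters and the sample data are assumptions of this example.

```python
import re
import tempfile
from pathlib import Path

# Each key becomes the file name <key>.conf, so this example restricts keys to
# a conservative character set (an assumption; the class accepts any Hash key).
SAFE_KEY = re.compile(r"\A[A-Za-z0-9_-]+\Z")


def validate_log_config(log_config):
    """Return a list of problems in a log_config hash before Puppet sees it."""
    problems = []
    for key, data in log_config.items():
        if not SAFE_KEY.match(key):
            problems.append(f"{key!r}: key is used as a file name, keep to [A-Za-z0-9_-]")
        if not isinstance(data, dict) or not {"src", "dst"}.issubset(data):
            problems.append(f"{key!r}: value must be a hash with 'src' and 'dst'")
    return problems


def audit_dropins(log_config, directory):
    """Map each key to 'ok', 'drift' or 'missing' for <directory>/<key>.conf."""
    findings = {}
    for key, data in log_config.items():
        path = Path(directory) / f"{key}.conf"
        expected = f"{data['src']} {data['dst']}"  # same string the class renders
        if not path.is_file():
            findings[key] = "missing"
        elif path.read_text().strip() != expected:  # tolerate a trailing newline
            findings[key] = "drift"
        else:
            findings[key] = "ok"
    return findings


if __name__ == "__main__":
    # Constructed sample data, not taken from the module.
    wanted = {
        "emerg": {"src": "*.emerg", "dst": ":omusrmsg:*"},
        "auth": {"src": "auth,authpriv.*", "dst": "/var/log/secure"},
    }
    flat = {"*.emerg": ":omusrmsg:*"}  # selector => action, without src/dst
    print(validate_log_config(wanted))  # no problems
    print(validate_log_config(flat))    # unsafe key and wrong value shape
    with tempfile.TemporaryDirectory() as d:
        Path(d, "emerg.conf").write_text("*.emerg :omusrmsg:*")
        print(audit_dropins(wanted, d))  # emerg ok, auth missing
```

On a managed host, audit_dropins would be pointed at /etc/rsyslog.d with the same data that is passed to the class.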