Commit 7818bc48 authored by Bill MacAllister's avatar Bill MacAllister

Allow the specification of custom rules as a file or a template

parent 3d425ff3
release/001.006 (2015-03-24)
Allow the specification of custom rules as a file or a
template. (whm)
release/001.005 (2015-02-25)
Remove use of auditd message protocol. Use syslog to send audit
......
......@@ -23,6 +23,8 @@
# audit::auditd { "{$::hostname}.stanford.edu": ensure => present }
define audit::auditd (
$content = 'NONE',
$source = 'NONE',
$client_source_port = '650',
$max_log_file = 1000,
$max_log_file_action = 'ROTATE',
......@@ -47,13 +49,25 @@ define audit::auditd (
}
# What to audit
file {
'/etc/audit/audit.rules':
source => "$afile/etc/audit/audit.rules",
require => Package['auditd'];
'/etc/audit/auditd.conf':
content => template('audit/etc/audit/auditd.conf.erb'),
require => Package['auditd'];
if $content == 'NONE' {
if $source == 'NONE' {
$src_rules = "$afile/etc/audit/audit.rules"
} else {
$src_rules = $source
}
file { '/etc/audit/audit.rules':
source => $src_rules,
require => Package['auditd'],
}
} else {
file { '/etc/audit/audit.rules':
content => template($content),
require => Package['auditd'],
}
}
file { '/etc/audit/auditd.conf':
content => template('audit/etc/audit/auditd.conf.erb'),
require => Package['auditd'],
}
# Where to send the audit
......
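Review bot: When both `$content` and `$source` are supplied, the new `if $content == 'NONE'` branch silently drops `$source` and renders the template, so a declaration that sets both gets a different rule set from the one its author may expect, and for `/etc/audit/audit.rules` that decides what the host audits. Rejecting the combination at compile time is safer: `if $content != 'NONE' and $source != 'NONE' { fail('audit::auditd: set only one of content or source') }` placed ahead of the conditional. `$content` is passed to `template()`, so it is a template name rather than literal file content, and the header comment above the define should say so, for example `# content: template to render as audit.rules, in 'module/path.erb' form; overrides source`. The define's body begins and ends outside the lines shown, so whether auditd is reloaded when the rules file changes, or whether the file's owner and mode come from a resource default, cannot be confirmed from here.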