Create auditd formula
According to the linked PRODs, we need to create a fully functional
auditd formula. This formula allows installing and configuring auditd, as
well as generating auditd rules and installing/configuring audisp
plugins if necessary.
Change-Id: Ieb6c889c7fceec7281e1ad019b1f07daf689c3f7
Related-PROD: https://mirantis.jira.com/browse/PROD-20233
Related-PROD: https://mirantis.jira.com/browse/PROD-20138
diff --git a/README.rst b/README.rst
new file mode 100644
index 0000000..2057ec5
--- /dev/null
+++ b/README.rst
@@ -0,0 +1,100 @@
+
+==================================
+Auditd Formula
+==================================
+
+The Linux Audit system provides a way to track security-relevant information on
+your system. Based on pre-configured rules, Audit generates log entries to
+record as much information about the events that are happening on your system
+as possible. This information is crucial for mission-critical environments to
+determine the violator of the security policy and the actions they performed.
+Audit does not provide additional security to your system; rather, it can be
+used to discover violations of security policies used on your system.
+These violations can further be prevented by additional security
+measures such as SELinux.
+
+
+
+Sample Metadata
+===============
+
+Single auditd service
+
+.. code-block:: yaml
+ auditd:
+ service:
+ enabled: true
+ log_file: /var/log/audit/audit.log
+ log_format: NOLOG
+ log_group: root
+ priority_boost: 4
+ flush: INCREMENTAL
+ freq: 20
+ num_logs: 5
+ disp_qos: lossy
+ dispatcher: /sbin/audispd
+ name_format: HOSTNAME
+ max_log_file: 6
+ max_log_file_action: ROTATE
+ space_left: 75
+ space_left_action: SYSLOG
+ action_mail_acct: root
+ admin_space_left: 50
+ admin_space_left_action: SUSPEND
+ disk_full_action: SUSPEND
+ disk_error_action: SUSPEND
+ tcp_listen_queue: 5
+ tcp_max_per_addr: 1
+ tcp_client_max_idle: 0
+ enable_krb5: 'no'
+ krb5_principal: auditd
+ audisp:
+ enabled: true
+ rules:
+ options:
+ enabled: 0
+ bufsize: 8192
+ rules:
+ some_rule_key:
+ enabled: true
+ rule_list:
+ - '-w /etc/passwd -p wa'
+ - '-a always,exit -F arch=b64 -S mount'
+
+
+References
+=========
+https://github.com/linux-audit/audit-documentation/wiki
+https://linux-audit.com
+https://github.com/linux-audit/audit-userspace
+
+Documentation and Bugs
+======================
+
+To learn how to install and update salt-formulas, consult the documentation
+available online at:
+
+ http://salt-formulas.readthedocs.io/
+
+In the unfortunate event that bugs are discovered, they should be reported to
+the appropriate issue tracker. Use GitHub issue tracker for specific salt
+formula:
+
+ https://github.com/salt-formulas/salt-formula-auditd/issues
+
+For feature requests, bug reports or blueprints affecting entire ecosystem,
+use Launchpad salt-formulas project:
+
+ https://launchpad.net/salt-formulas
+
+Developers wishing to work on the salt-formulas projects should always base
+their work on master branch and submit pull request against specific formula.
+
+You should also subscribe to mailing list (salt-formulas@freelists.org):
+
+ https://www.freelists.org/list/salt-formulas
+
+Any questions or feedback is always welcome so feel free to join our IRC
+channel:
+
+ #salt-formulas @ irc.freenode.net
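Review bot: The Sample Metadata block sets `log_format: NOLOG`, which makes auditd discard events instead of writing them to `log_file`, so the `num_logs`, `max_log_file` and `max_log_file_action: ROTATE` values beside it have no effect and anyone copying the sample gets no on-disk audit trail; with `disp_qos: lossy` the dispatcher path can drop events as well. Suggest `log_format: RAW` in the sample, or a sentence stating that the sample relies on audisp only. In the same block, please document what `enabled: 0` under `rules: options:` renders to: if it is passed to `auditctl -e`, 0 leaves auditing disabled, which is a surprising default for a sample. Two RST points: `.. code-block:: yaml` needs a blank line before its content, and the `=========` underline under `References` is one character shorter than the title. The three reference URLs should also be list items or separated by blank lines, otherwise they render as a single paragraph.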