Manage audisp-remote.conf
PROD-31810
Change-Id: Ib2a746d2d3d514f682b1ebd7f71ce539a6e72633
diff --git a/auditd/audisp.sls b/auditd/audisp.sls
index d7eaf4b..9936368 100644
--- a/auditd/audisp.sls
+++ b/auditd/audisp.sls
@@ -9,6 +9,22 @@
pkg.installed:
- names: {{ audisp.pkgs }}
+{%- if audisp.remote is defined %}
+{{ audisp.config_base_path }}/audisp-remote.conf:
+ file.managed:
+ - source: salt://auditd/files/audisp-remote.conf
+ - template: jinja
+ - context:
+ params: {{ audisp.remote }}
+ - user: root
+ - group: root
+ - mode: 0640
+ - require:
+ - pkg: audisp_packages
+ - watch_in:
+ - service: auditd_service
+{%- endif %}
+
{%- for plugin, plugin_params in audisp.plugins.items() %}
{{ audisp.config_path }}/{{ plugin }}.conf:
file.managed:
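Review bot: `- mode: 0640` in the new `audisp-remote.conf` state is an unquoted scalar, which a YAML 1.1 loader reads as the integer 416 rather than the string `0640`. Salt's documentation asks for modes with a leading zero to be quoted, so write `- mode: '0640'`. In the same state, `params: {{ audisp.remote }}` pastes the Python repr of the pillar dict into the rendered YAML, which parses as a flow mapping only while every key and value is a simple scalar. Serialising it explicitly is more robust: `params: {{ audisp.remote | json }}`. The hunk ends inside the plugin loop that follows, so that state is not reviewed here.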
diff --git a/auditd/files/audisp-remote.conf b/auditd/files/audisp-remote.conf
new file mode 100644
index 0000000..1d31549
--- /dev/null
+++ b/auditd/files/audisp-remote.conf
@@ -0,0 +1,10 @@
+# This file managed by Salt.
+# All local modifications will be overwritten.
+
+# This file controls the configuration of the audit remote
+# logging subsystem, audisp-remote.
+#
+
+{%- for k, v in params.items() %}
+{{ k }} = {{ v }}
+{%- endfor %}
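Review bot: `{{ k }} = {{ v }}` writes every pillar value through Jinja's default string conversion with no normalisation, so a pillar boolean is rendered as `True` or `False`, which audisp-remote presumably does not accept for options that expect `yes` or `no`. A value containing a newline would also add extra lines to the file. A bad setting here can silently stop remote audit forwarding, so map booleans explicitly, for example `{{ k }} = {{ 'yes' if v is sameas true else 'no' if v is sameas false else v }}`. Iterating with `{%- for k, v in params | dictsort %}` would additionally keep the rendered file stable between runs, which matters because the state restarts auditd on change via `watch_in`.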
diff --git a/auditd/map.jinja b/auditd/map.jinja
index bf32308..20aa1a1 100644
--- a/auditd/map.jinja
+++ b/auditd/map.jinja
@@ -10,6 +10,7 @@
'Debian': {
'pkgs': ['audispd-plugins'],
'enabled': false,
+ 'config_base_path': '/etc/audisp',
'config_path': '/etc/audisp/plugins.d',
},
}, grain='os_family', merge=salt['pillar.get']('auditd:audisp')) %}
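Review bot: `'config_base_path': '/etc/audisp'` is added only to the `Debian` entry visible in this hunk, and the rest of the map lies outside it. If other `os_family` entries exist and do not get the key, `{{ audisp.config_base_path }}/audisp-remote.conf` in `auditd/audisp.sls` would render with an undefined value, most likely producing the path `/audisp-remote.conf` at the filesystem root. Either add the key to every family in the map or guard the state with `audisp.config_base_path is defined`. A short comment noting that the value can be overridden through the `auditd:audisp` pillar would also help on platforms where the file lives elsewhere.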
diff --git a/tests/pillar/audisp.sls b/tests/pillar/audisp.sls
index 4706f34..7058b4e 100644
--- a/tests/pillar/audisp.sls
+++ b/tests/pillar/audisp.sls
@@ -34,3 +34,8 @@
type: builtin
args: LOG_INFO
format: string
+ remote:
+ remote_server: audit.host.com
+ port: 1111
+ transport: tcp
+ mode: immediate