Add auditd.py module
It is now possible to pass a list of paths where
suid/sgid binaries should not be found.
The python module uses multiprocessing and can be buggy.
All ideas on how to do it more safely (too high I/O and so on)
and keep the performance at the same time are highly appreciated.
Change-Id: Icd1ae445fb8fed1ea08842606f371223f72bc82f
Closes-PROD: https://mirantis.jira.com/browse/PROD-21273
diff --git a/README.rst b/README.rst
index ec2992d..b9df62f 100644
--- a/README.rst
+++ b/README.rst
@@ -18,10 +18,17 @@
of binaries which have suid/sgid bit for all mounted file systems which do not
have **nosuid** or **noexec** mount option (except the *special* file systems
such as **sysfs**, **nsfs**, **cgroup**, **proc** and so one).
+The list of such *special* file systems can be configured
+with auditd:rules:filter_fs pillar.
+
It was done because it is nearly impossible to create that list manually. It
always will differ from one installation to another.
This behavior can not be changed but it can be extended manually by putting
-necessary rules into the **rule_list** list).
+necessary rules into the **rule_list** list.
+
+Also it is possible to add paths which will be filtered in search. It implements
+the idea of *white lists* but on a directory level, not for a particular file.
+It can be configured with auditd:rules:filter_paths pillar.
Sample Metadata
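Review bot: The new paragraph on auditd:rules:filter_paths describes a directory-level white list but does not state the consequence: a suid/sgid binary located under a filtered path is skipped by the search, so no rule is generated for it. Please say that explicitly in the README and recommend keeping the list short and limited to directories that unprivileged users cannot write to. Both new pillar references (auditd:rules:filter_fs and auditd:rules:filter_paths) would also benefit from a note on the expected value format (the commit message says "a list of paths") and on what applies when the key is unset, and from the same emphasis markup the text already uses for **rule_list**.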