Blame - README.rst - salt-formulas/auditd

blob: a3713c1f6c181f5b8557120864f1926c7ed99f3f [file] [log] [blame]

Ivan Suzdal	50a360f	2018-06-04 16:07:41 +0400	[diff] [blame]	1
				2	==================================
				3	Auditd Formula
				4	==================================
				5
				6	The Linux Audit system provides a way to track security-relevant information on
				7	your system. Based on pre-configured rules, Audit generates log entries to
				8	record as much information about the events that are happening on your system
				9	as possible. This information is crucial for mission-critical environments to
				10	determine the violator of the security policy and the actions they performed.
				11	Audit does not provide additional security to your system; rather, it can be
				12	used to discover violations of security policies used on your system.
				13	These violations can further be prevented by additional security
				14	measures such as SELinux.
				15
				16
				17
				18	Sample Metadata
				19	===============
				20
				21	Single auditd service
				22
				23	.. code-block:: yaml
				24	auditd:
				25	service:
				26	enabled: true
				27	log_file: /var/log/audit/audit.log
				28	log_format: NOLOG
				29	log_group: root
				30	priority_boost: 4
				31	flush: INCREMENTAL
				32	freq: 20
				33	num_logs: 5
				34	disp_qos: lossy
				35	dispatcher: /sbin/audispd
				36	name_format: HOSTNAME
				37	max_log_file: 6
				38	max_log_file_action: ROTATE
				39	space_left: 75
				40	space_left_action: SYSLOG
				41	action_mail_acct: root
				42	admin_space_left: 50
				43	admin_space_left_action: SUSPEND
				44	disk_full_action: SUSPEND
				45	disk_error_action: SUSPEND
				46	tcp_listen_queue: 5
				47	tcp_max_per_addr: 1
				48	tcp_client_max_idle: 0
				49	enable_krb5: 'no'
				50	krb5_principal: auditd
				51	audisp:
				52	enabled: true
				53	rules:
				54	options:
				55	enabled: 0
				56	bufsize: 8192
				57	rules:
				58	some_rule_key:
				59	enabled: true
				60	rule_list:
				61	- '-w /etc/passwd -p wa'
				62	- '-a always,exit -F arch=b64 -S mount'
				63
Oleksii Chupryn	509fe27	2018-06-12 13:39:26 +0300	[diff] [blame^]	64	Auditd service with syslog plugin configuration
				65
				66	.. code-block:: yaml
				67
				68	auditd:
				69	service:
				70	enabled: true
				71	log_format: NOLOG
				72	...
				73	audisp:
				74	enabled: true
				75	plugins:
				76	syslog:
				77	active: 'yes'
				78	direction: out
				79	path: builtin_syslog
				80	type: builtin
				81	args: 'LOG_INFO LOG_LOCAL6'
				82	format: string
Ivan Suzdal	50a360f	2018-06-04 16:07:41 +0400	[diff] [blame]	83
				84	References
				85	=========
				86	https://github.com/linux-audit/audit-documentation/wiki
				87	https://linux-audit.com
				88	https://github.com/linux-audit/audit-userspace
				89
				90	Documentation and Bugs
				91	======================
				92
				93	To learn how to install and update salt-formulas, consult the documentation
				94	available online at:
				95
				96	http://salt-formulas.readthedocs.io/
				97
				98	In the unfortunate event that bugs are discovered, they should be reported to
				99	the appropriate issue tracker. Use GitHub issue tracker for specific salt
				100	formula:
				101
				102	https://github.com/salt-formulas/salt-formula-auditd/issues
				103
				104	For feature requests, bug reports or blueprints affecting entire ecosystem,
				105	use Launchpad salt-formulas project:
				106
				107	https://launchpad.net/salt-formulas
				108
				109	Developers wishing to work on the salt-formulas projects should always base
				110	their work on master branch and submit pull request against specific formula.
				111
				112	You should also subscribe to mailing list (salt-formulas@freelists.org):
				113
				114	https://www.freelists.org/list/salt-formulas
				115
				116	Any questions or feedback is always welcome so feel free to join our IRC
				117	channel:
				118
				119	#salt-formulas @ irc.freenode.net