aaron/ansible-role-auditd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add auditd role

Browse Source
This commit is contained in:
aaron
2021-08-24 13:07:16 +02:00
parent 28d2e86454
commit f10a3dde5a
13 changed files with 494 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
templates/auditd.conf.j2 Normal file
View File

@@ -0,0 +1,28 @@
local_events = {{ auditd_local_events }}
write_logs = {{ auditd_write_logs }}
log_file = {{ auditd_log_file }}
log_format = {{ auditd_log_format }}
log_group = {{ auditd_log_group }}
priority_boost = {{ auditd_priority_boost }}
flush = {{ auditd_flush_strategy }}
freq = {{ auditd_flush_freq }}
num_logs = {{ auditd_num_logs }}
disp_qos = {{ auditd_disp_qos }}
dispatcher = {{ auditd_dispatcher }}
name_format = {{ auditd_name_format }}
max_log_file = {{ auditd_max_log_file_size }}
max_log_file_action {{ auditd_max_log_file_action }}
action_mail_acct = {{ auditd_action_mail_acct }}
space_left = {{ auditd_space_left }}
space_left_action = {{ auditd_space_left_action }}
admin_space_left = {{ auditd_admin_space_left }}
admin_space_left_action = {{ auditd_admin_space_left_action }}
disk_full_action = {{ auditd_disk_full_action }}
disk_error_action = {{ auditd_disk_error_action }}
tcp_listen_queue = {{ auditd_tcp_listen_queue }}
tcp_max_per_addr = {{ auditd_tcp_max_per_addr }}
use_libwrap = {{ auditd_use_libwrap }}
tcp_client_max_idle = {{ auditd_tcp_client_max_idle }}
enable_krb5 = {{ auditd_enable_krb5 }}
krb5_principal = {{ auditd_krb5_principal }}
distribute_network = {{ auditd_distribute_network }}

25
templates/custom.rules.j2 Normal file
View File

@@ -0,0 +1,25 @@
# Delete all previous rules
-D
# Set buffer size
-b {{ auditd_custom_buffer_size }}
# Define enable flag
-e {{ auditd_custom_enable_flag }}
# Define what happens in case of a failure
-f {{ auditd_custom_on_failure }}
# Max amount of messages per second
-r {{ auditd_custom_max_msg_per_sec }}
# ansible generated custom rules
{% if auditd_custom_rules is defined %}
{% for rule in auditd_custom_rules %}
{% if rule.type == 'filesystem' %}
-w {{ rule.file }} -p {{ rule.permissions }} -k {{ rule.comment }}
{% endif %}
{% if rule.type == 'syscall' %}
-a {{ rule.action }}{% if rule.filters is defined %}{% for filter in rule.filters %} -F {{ filter }}{% endfor %}{% endif %}{% if rule.syscalls is defined %}{% for syscall in rule.syscalls %} -S {{ syscall }}{% endfor %}{% endif %} -k {{ rule.comment }}
{% endif %}
{% if rule.type == 'executable' %}
-a {{ rule.action }} -F exe={{ rule.executable }}{% if rule.filters is defined %}{% for filter in rule.filters %} -F {{ filter }}{% endfor %}{% endif %} -S execve -k {{ rule.comment }}
{% endif %}
{% endfor %}
{% endif %}