cookbook 'auditd', '= 0.1.0'
Installs/Configures auditd
cookbook 'auditd', '= 0.1.0', :supermarket
knife supermarket install auditd
knife supermarket download auditd
Description
A simple cookbook to install auditd and the provided rulesets. The rulesets
included in the auditd package as examples are based on four established
standards:
- Controlled Access Protection Profile (CAPP)
- Labeled Security Protection Profile (LSPP)
- National Industrial Security Program Operating Manual (NISPOM)
- Security Technical Implementation Guides (STIG)
The auditd package provides the client-side tools for working with the
Linux kernel audit framework.
Requirements
Linux - any distro; only Ubuntu has been tested
Attributes
- node['auditd']['ruleset'] - ruleset to use, either default or one of the provided examples
- node['auditd']['backlog'] - backlog size; the default is 320 and should be larger for busy systems
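One way to check whether the backlog value is large enough on a converged node, as an added example that is not part of the cookbook: it parses `auditctl -s` output and reports a mismatched limit, lost records, or a nearly full queue. The function names, the 80% threshold and both status samples are assumptions constructed for illustration.

```ruby
# Added example (not part of the cookbook). Function names are hypothetical.
# Parses `auditctl -s` output in either layout auditctl has used:
# one "key value" pair per line, or a single "AUDIT_STATUS: key=value ..." line.
def parse_audit_status(text)
  text.scan(/(\w+)[ =](\d+)/).each_with_object({}) { |(k, v), h| h[k] = v.to_i }
end

# Compares kernel state with the value set in node['auditd']['backlog'].
# The 80% fill threshold is an assumption chosen for illustration.
def backlog_findings(status, configured)
  limit = status['backlog_limit']
  findings = []
  findings << "backlog_limit is #{limit.inspect}, expected #{configured}" if limit != configured
  findings << "#{status['lost']} audit records lost; raise the backlog" if status['lost'].to_i > 0
  if limit.to_i > 0 && status['backlog'].to_i >= limit * 0.8
    findings << "queue at #{status['backlog']}/#{limit}; close to overflow"
  end
  findings
end

# Constructed sample: busy host still on the default backlog of 320.
SAMPLE_BUSY = <<~STATUS
  enabled 1
  failure 1
  pid 1432
  rate_limit 0
  backlog_limit 320
  lost 57
  backlog 300
STATUS

# Constructed sample: older single-line layout after raising the backlog.
SAMPLE_OK = 'AUDIT_STATUS: enabled=1 flag=1 pid=1432 rate_limit=0 backlog_limit=8192 lost=0 backlog=3'

puts backlog_findings(parse_audit_status(SAMPLE_BUSY), 320)
puts backlog_findings(parse_audit_status(SAMPLE_OK), 8192)
```

On a live host, pass in the text printed by `auditctl -s`, which needs root.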
Usage
Set the node['auditd']['ruleset'] attribute to the desired ruleset, one of:
- "capp" : Controlled Access Protection Profile
- "lspp" : Labeled Security Protection Profile
- "nispom" : National Industrial Security Program Operating Manual (NISPOM)
- "stig" : Security Technical Implementation Guides
TODO
Ideally the auditd_ruleset resource should make use of a data bag
search to build the data-driven ruleset.
Dependent cookbooks
This cookbook has no specified dependencies.