cookbook 'auditd', '= 0.1.3', :supermarket
cookbook 'auditd', '= 0.1.3'
knife cookbook site install auditd
knife cookbook site download auditd
A simple cookbook to install auditd and the provided rulesets. The rulesets included in the auditd package as examples are based on 4 established standards:
- Controlled Access Protection Profile (CAPP)
- Labeled Security Protection Profile (LSPP)
- National Industrial Security Program Operating Manual (NISPOM)
- Security Technical Implementation Guides
The auditd package provides the client-side tools for working with the Linux kernel audit framework.
Linux - any distro; only Ubuntu and RHEL 6 have been tested.
- node['auditd']['ruleset'] - ruleset to use, either default or one of the provided examples
- NOTE: When using this recipe on Red Hat systems, you're restricted to the "default" or "cis" rulesets, as Red Hat uses version-specific paths for the .rules files, which we can't programmatically determine at this time.
- node['auditd']['backlog'] - backlog size; the default is 320 and should be larger for busy systems
Set the correct attribute based on the ruleset desired, one of:
- "capp" : Controlled Access Protection Profile
- "lspp" : Labeled Security Protection Profile
- "nispom" : National Industrial Security Program Operating Manual (NISPOM)
- "stig" : Security Technical Implementation Guides
- "cis" : Center for Internet Security auditd recommendations
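To judge whether the value given to node['auditd']['backlog'] is too small on a given host, the kernel's own counters from `auditctl -s` can be checked. The Ruby below is an added example, not part of the cookbook; the sample status text is constructed, and the function names, the 0.8 threshold and the doubling suggestion are assumptions of this example.

```ruby
# Added example: decide from `auditctl -s` output whether the value given to
# node['auditd']['backlog'] (cookbook default 320) is too small for a host.

NEAR_FULL = 0.8 # assumed warning threshold, not a value from the cookbook

# Constructed sample output, older single-line style.
OLD_STYLE = 'AUDIT_STATUS: enabled=1 flag=1 pid=987 rate_limit=0 ' \
            'backlog_limit=320 lost=1542 backlog=318'

# Constructed sample output, newer one-pair-per-line style.
NEW_STYLE = <<~STATUS
  enabled 1
  failure 1
  pid 987
  rate_limit 0
  backlog_limit 8192
  lost 0
  backlog 12
  backlog_wait_time 60000
STATUS

# Turn either output style into { "backlog_limit" => 320, ... }.
def parse_audit_status(text)
  text.scan(/\b([a-z_]+)[= ](\d+)\b/).to_h { |key, value| [key, value.to_i] }
end

# "lost" counts records the kernel dropped; a full backlog is one cause.
# A backlog_limit of 0 means the kernel enforces no limit.
def assess_backlog(status)
  limit = status['backlog_limit']
  raise ArgumentError, 'no backlog_limit in status output' if limit.nil?

  lost = status.fetch('lost', 0)
  queued = status.fetch('backlog', 0)
  reasons = []
  reasons << "#{lost} records lost" if lost.positive?
  reasons << "queue at #{queued}/#{limit}" if limit.positive? && queued >= limit * NEAR_FULL
  # Doubling is this example's heuristic for the next value to try.
  { raise_backlog: reasons.any?, reasons: reasons,
    suggested: reasons.any? && limit.positive? ? limit * 2 : limit }
end

[OLD_STYLE, NEW_STYLE].each do |sample|
  puts assess_backlog(parse_audit_status(sample)).inspect
end
```

Dropped records are gaps in the audit trail, so a non-zero `lost` count on a busy host is the signal to raise the backlog attribute and converge again.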
Ideally the auditd_rulset resource should make use of a data bag search to build the data-driven ruleset.
This cookbook has no specified dependencies.