Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

Select Status

RSS

auditd (16) Versions 2.3.4

Installs/Configures auditd

Policyfile
Berkshelf
Knife
cookbook 'auditd', '= 2.3.4', :supermarket
cookbook 'auditd', '= 2.3.4'
knife supermarket install auditd
knife supermarket download auditd
README
Dependencies
Changelog
Quality 83%

auditd Cookbook

Build Status
Cookbook Version

A simple cookbook to install auditd and provided rulesets. Rulesets included in the OS auditd/audit package as examples are based on 4 established standards:

The OS package provides the client side tools for working with the linux kernel audit framework.

Requirements

Platforms

  • Debian/Ubuntu
  • RHEL/CentOS/Scientific/Amazon/Oracle 6+

Chef

  • Chef 12.7+

Cookbooks

  • none

Attributes

  • node['auditd']['ruleset'] - ruleset to use, either "default" (the default if unset) or one of the provided examples
  • node['auditd']['backlog'] - backlog size, default is 320 should be larger for busy systems

Usage

If you're using one of the default rulesets set the correct attribute based on the ruleset desired, one of:

  • "capp" : Controlled Access Protection Profile
  • "lspp" : Labeled Security Protection Profile
  • "nispom" : National Industrial Security Program Operating Manual (NISPOM)
  • "stig" : Security Technical Implementation Guides
  • "cis" : Center for Internet Security auditd recommendations

And include recipe[auditd::rules] in your run list. You can also set the attribute node['auditd']['ruleset'] to the name of a custom rule template to be used instead of one of the default rules.

If you are using the recipe from a wrapper cookbook, include the default recipe recipe[auditd] to setup the service and use the auditd_ruleset resource to place your rule template of choice.

If you are not satisfied with any of the provided templates, you can specify the cookbook attribute in auditd_ruleset to use your own set of rules. In this case, do not include recipe[auditd::rules].

Use the auditd::remove recipe to uninstall auditd.

License & Authors

Author: Cookbook Engineering Team (cookbooks@chef.io)

Copyright: 2016, Chef Software, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Dependent cookbooks

This cookbook has no specified dependencies.

Contingent cookbooks

stig Applicable Versions

CHANGELOG for auditd

This file is used to list changes made in each version of auditd.

2.3.4 (2018-11-8)

  • Add CIS-rules kitchen suite
  • Update CIS rules to match RHEL/CentOS 7 v2.2.0 benchmarks
  • Add resource to implement CIS defined auditd conf
  • CIS related remediation will only run if "node['auditd']['ruleset']" is set to CIS

2.3.3 (2018-07-17)

  • Fix ~= typo in CIS rules

2.3.2 (2018-07-16)

  • Fix support for Debian 9+ / Ubuntu 18.04+
  • Remove Chef 11/early 12 compatibility in metadata
  • Handle CIS 4.1.14 differing on CentOS/RHEL 6

2.3.1 (2018-07-11)

  • Missing -F flag was causing entire list to fail to load.
  • Controls that previously had auid>=500 now require auid>=1000 in current CIS benchmarks.
  • Updated the audit rules for 4.1.8 to match the current CIS benchmark.

2.3.0 (2018-07-10)

  • Remove ChefSpec matchers which are auto generated by ChefSpec now
  • Update CIS rules for RHEL/CentOS 7 v2.2.0 benchmarks

2.2.0 (2017-11-14)

  • Resolve FC108 warnings
  • Allow specifying the cookbook where the template is in the builtins resource
  • Require Chef 12.7+ due to bugs in 12.5/12.6 custom resources

2.1.1 (2017-07-13)

  • Install "audit" package for Amazon Linux on Chef 13

2.1.0 (2017-05-03)

  • Add support for RHEL 7

2.0.0 (2017-04-26)

  • Convert the existing LWRPs to custom resources, which raises the requires chef version to 12.5+
  • Expand testing to cover the custom resources
  • Let Chef can determine the proper restart command instead of hardcoding logic into the recipe
  • Test with local delivery and not Rake
  • Update apache2 license string
  • Update copyrights

1.0.2 (2017-01-18)

  • Add ChefSpec matchers

1.0.1 (2016-11-25)

  • Enable use_inline_resources in the LWRPs
  • Run integration testing in Travis

1.0.0 (2016-09-08)

  • Testing updates
  • Require Chef 12.0 or later

0.2.0 (2016-08-11)

  • Add uninstall/remove support
  • Update docs with testing and contributing process
  • Use Berkshelf not Librarian for dependency management
  • Add a travis config
  • Add a license file
  • Update the testing to use Rake and remove test deps from the Gemfile. We assume you're in ChefDK now
  • Update the cookbook owner and add chef_version metadata
  • Use the new notification syntax in templates
  • Cookstyle fixes to the code
  • Remove the utf encoding comments. There's no need for this
  • Remove Chef 10 compatibility

0.1.8:

  • add coc and contributing documents
  • update gitignore list for some chef related files
  • update supermarket uri
  • use correct restart command when under systemd on rhel
  • better rule definition support for rhel systems that no longer ship with examples
  • add test suite for capp rules

0.1.2:

  • excluded non-default rulesets for RedHat; they use a version-specific path that I can't find any easy way to determine programatically

0.1.1:

  • added RedHat support

0.1.0:

  • Initial release of auditd

Collaborator Number Metric
            

2.3.4 passed this metric

Contributing File Metric
            

2.3.4 passed this metric

Foodcritic Metric
            

2.3.4 passed this metric

No Binaries Metric
            

2.3.4 passed this metric

Testing File Metric
            

2.3.4 passed this metric

Version Tag Metric
            

2.3.4 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number