buluma.auditd

Ansible Role auditd

This role installs and sets up auditd on your system.


Example Playbook

Here’s an example playbook, checked on every update:

---
- name: Install and setup auditd
  hosts: all
  become: true
  gather_facts: true

  roles:
    - role: buluma.auditd
      auditd_start_service: false
      auditd_local_events: "no"
      auditd_rules:
        - file: /var/log/audit/
          keyname: auditlog
        - file: /etc/audit/
          permissions:
            - write
            - attribute_change
          keyname: auditconfig
        - file: /etc/libaudit.conf
          permissions:
            - write
            - attribute_change
          keyname: auditconfig
        - file: /etc/audisp/
          permissions:
            - write
            - attribute_change
          keyname: audispconfig
        - file: /sbin/auditctl
          permissions:
            - execute
          keyname: audittools
        - file: /sbin/auditd
          permissions:
            - execute
          keyname: audittools
        - syscall: open
          action: always
          filter: exit
          filters:
            - auid!=4294967295
            - auid!=unset
          keyname: my_keyname
          arch: b32
        - syscall: adjtimex
          action: always
          filter: exit
          keyname: time_change
        - syscall: settimeofday
          action: always
          filter: exit
          keyname: time_change
        - action: always
          filter: exit
          filters:
            - path=/bin/ping
            - perm=x
            - auid>=500
            - auid!=4294967295
          keyname: privileged
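
The rule dictionaries above only become useful once you can see the auditctl lines they turn into. The script below is an added example, not the role's own template: the mapping it assumes (file -> -w/-p/-k, syscall -> -a/-F arch/-S/-F/-k) and the fallback of watching writes and attribute changes when "permissions" is omitted are assumptions about how such a role renders its rules. It also flags a caveat the example rules above run into: the open rule is b32-only and the adjtimex rule inherits the b64 default, so each of them records calls made through one ABI but not the other.

```python
"""Expand the role's auditd_rules list into auditctl rule lines.

Added example; this is not the role's own template. The dict-to-flag
mapping (file -> -w/-p/-k, syscall -> -a/-F arch/-S/-F/-k) and the
default of watching writes and attribute changes when "permissions" is
omitted are assumptions about how such a role renders its rules.
"""
from collections import defaultdict

# Constructed sample: a subset of the rule list from the playbook above.
AUDITD_RULES = [
    {"file": "/var/log/audit/", "keyname": "auditlog"},
    {"file": "/etc/audit/", "permissions": ["write", "attribute_change"],
     "keyname": "auditconfig"},
    {"file": "/sbin/auditctl", "permissions": ["execute"], "keyname": "audittools"},
    {"syscall": "open", "action": "always", "filter": "exit",
     "filters": ["auid!=4294967295", "auid!=unset"],
     "keyname": "my_keyname", "arch": "b32"},
    {"syscall": "adjtimex", "action": "always", "filter": "exit",
     "keyname": "time_change"},
    {"action": "always", "filter": "exit",
     "filters": ["path=/bin/ping", "perm=x", "auid>=500", "auid!=4294967295"],
     "keyname": "privileged"},
]

DEFAULT_ARCH = "b64"  # mirrors auditd_default_arch from the role defaults

# Role permission names -> auditctl -p letters.
PERM_LETTERS = {"read": "r", "write": "w", "execute": "x", "attribute_change": "a"}


def render_rule(rule, default_arch=DEFAULT_ARCH):
    """Return the auditctl line for one rule dict."""
    if "file" in rule:
        # Assumed default when no permissions are given: write + attribute change.
        perms = rule.get("permissions", ["write", "attribute_change"])
        letters = "".join(PERM_LETTERS[p] for p in perms)
        return f"-w {rule['file']} -p {letters} -k {rule['keyname']}"
    parts = [f"-a {rule.get('action', 'always')},{rule.get('filter', 'exit')}"]
    if "syscall" in rule:
        # arch precedes -S so the syscall name resolves for that ABI.
        parts.append(f"-F arch={rule.get('arch', default_arch)}")
        parts.append(f"-S {rule['syscall']}")
    parts.extend(f"-F {flt}" for flt in rule.get("filters", []))
    parts.append(f"-k {rule['keyname']}")
    return " ".join(parts)


def render_rules(rules, default_arch=DEFAULT_ARCH):
    """Render every rule dict, in order, to its auditctl line."""
    return [render_rule(r, default_arch) for r in rules]


def single_arch_syscalls(rules, default_arch=DEFAULT_ARCH):
    """Syscalls audited for only one ABI.

    A b64-only rule never sees the same call made through the 32-bit ABI
    (and vice versa), so on a host that runs both, each audited syscall
    normally needs one b32 and one b64 rule.
    """
    arches = defaultdict(set)
    for r in rules:
        if "syscall" in r:
            arches[r["syscall"]].add(r.get("arch", default_arch))
    return sorted(s for s, a in arches.items() if a != {"b32", "b64"})


if __name__ == "__main__":
    print("\n".join(render_rules(AUDITD_RULES)))
    print("single-ABI syscalls:", single_arch_syscalls(AUDITD_RULES))
```

Run it as a script to see the six rendered lines; the last line reports `['adjtimex', 'open']`, which is the cue to add a matching rule for the other arch (or drop the explicit `arch: b32` and set rules for both) before rolling the list out.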

To prepare the machine, you can use this:

---
- name: Prepare the machine
  hosts: all
  become: true
  gather_facts: false

  roles:
    - role: buluma.bootstrap

For more details, check this full explanation about using these roles.

Role Variables

Default variable values are found in defaults/main.yml:

---
# Default settings for auditd
auditd_buffer_size: 32768
auditd_fail_mode: 1
auditd_maximum_rate: 60
auditd_enable_flag: 1
auditd_local_events: "yes"
auditd_write_logs: "yes"
auditd_log_file: /var/log/audit/audit.log
auditd_log_group: root
auditd_log_format: RAW
auditd_flush: incremental_async
auditd_freq: 50
auditd_max_log_file: 8
auditd_num_logs: 5
auditd_priority_boost: 4
auditd_disp_qos: lossy
auditd_dispatcher: /sbin/audispd
auditd_name_format: none
auditd_max_log_file_action: rotate
auditd_space_left: "75"
auditd_space_left_action: syslog
auditd_verify_email: "yes"
auditd_action_mail_acct: root
auditd_admin_space_left: 50
auditd_admin_space_left_action: suspend
auditd_disk_full_action: suspend
auditd_disk_error_action: suspend
auditd_use_libwrap: "yes"
auditd_tcp_listen_queue: 5
auditd_tcp_max_per_addr: 1
auditd_tcp_client_max_idle: 0
auditd_enable_krb5: "no"
auditd_krb5_principal: auditd
auditd_distribute_network: "no"

# Control whether to manage rules or not.
auditd_manage_rules: true

# Define the architecture for specific rules.
auditd_default_arch: b64

# Option to control starting the auditd service.
auditd_start_service: true
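
Most of the defaults above are auditd.conf keys, but four of them (auditd_buffer_size, auditd_fail_mode, auditd_maximum_rate, auditd_enable_flag) are auditctl control flags that belong at the head and tail of the rules file rather than in auditd.conf. The script below is an added example, not the role's own template: it assumes the variable name minus its auditd_ prefix is the auditd.conf key, maps the four control variables to -b/-f/-r/-e, and checks a few invariants that the daemon itself only reports at start-up (admin_space_left must sit below space_left, rotation needs num_logs of at least 2, freq only matters with an incremental flush mode).

```python
"""Render the role's defaults into auditd.conf lines plus auditctl control
flags, and check a few invariants before deploying.

Added example, not the role's own template. The variable-to-key mapping
(strip the auditd_ prefix) and the choice of which four variables become
auditctl control flags are assumptions about how such a role renders files.
"""

# Constructed from defaults/main.yml above (subset used for the demo).
DEFAULTS = {
    "auditd_buffer_size": 32768,
    "auditd_fail_mode": 1,
    "auditd_maximum_rate": 60,
    "auditd_enable_flag": 1,
    "auditd_local_events": "yes",
    "auditd_write_logs": "yes",
    "auditd_log_file": "/var/log/audit/audit.log",
    "auditd_log_format": "RAW",
    "auditd_flush": "incremental_async",
    "auditd_freq": 50,
    "auditd_max_log_file": 8,
    "auditd_num_logs": 5,
    "auditd_max_log_file_action": "rotate",
    "auditd_space_left": "75",
    "auditd_space_left_action": "syslog",
    "auditd_admin_space_left": 50,
    "auditd_admin_space_left_action": "suspend",
    "auditd_disk_full_action": "suspend",
}

# Variables that are auditctl daemon-control flags, not auditd.conf keys.
CONTROL_FLAGS = {
    "auditd_buffer_size": "-b",   # kernel backlog buffer
    "auditd_fail_mode": "-f",     # 0 silent, 1 printk, 2 panic
    "auditd_maximum_rate": "-r",  # messages per second, 0 = unlimited
    "auditd_enable_flag": "-e",   # 0 off, 1 on, 2 locked until reboot
}


def render_auditd_conf(settings):
    """auditd.conf body: every non-control variable as 'key = value'."""
    lines = []
    for name, value in settings.items():
        if name in CONTROL_FLAGS:
            continue
        lines.append(f"{name[len('auditd_'):]} = {value}")
    return "\n".join(lines) + "\n"


def render_control_rules(settings):
    """(head, tail) flag lines: -b/-f/-r first, -e last so it applies after
    the rules have loaded (with -e 2 nothing can change until reboot)."""
    head = [f"{flag} {settings[name]}" for name, flag in CONTROL_FLAGS.items()
            if flag != "-e" and name in settings]
    tail = ([f"-e {settings['auditd_enable_flag']}"]
            if "auditd_enable_flag" in settings else [])
    return head, tail


def _threshold(value):
    """Parse a space-left value; returns (number, is_percentage)."""
    text = str(value).strip()
    return int(text.rstrip("%")), text.endswith("%")


def find_issues(settings):
    """Invariants that would otherwise surface only as start-up warnings."""
    issues = []
    left, left_pct = _threshold(settings["auditd_space_left"])
    admin, admin_pct = _threshold(settings["auditd_admin_space_left"])
    if left_pct != admin_pct:
        issues.append("space_left and admin_space_left must use the same unit")
    elif admin >= left:
        issues.append("admin_space_left must be lower than space_left")
    if (settings.get("auditd_max_log_file_action") == "rotate"
            and int(settings.get("auditd_num_logs", 0)) < 2):
        issues.append("num_logs below 2 disables log rotation")
    if ("auditd_freq" in settings
            and settings.get("auditd_flush") not in ("incremental", "incremental_async")):
        issues.append("freq only applies with incremental flush modes")
    return issues


if __name__ == "__main__":
    print(render_auditd_conf(DEFAULTS))
    head, tail = render_control_rules(DEFAULTS)
    print("\n".join(head + ["# ... watch and syscall rules ..."] + tail))
    print("issues:", find_issues(DEFAULTS) or "none")
```

The defaults pass the checks; overriding auditd_admin_space_left to a value at or above auditd_space_left, or auditd_num_logs to 1, is caught before the play runs rather than after auditd has already started with a silently ineffective setting.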

Requirements

State of Used Roles

These roles help prepare your system:

Requirement
buluma.bootstrap (GitHub, Ansible Galaxy)

Context

This role is part of various compatible roles. For more information, check the documentation of these roles.

Compatibility

This role works with these container images:

Container   Tags
EL          8, 9
Debian      all
Fedora      all
opensuse    all
Ubuntu      all

The minimum Ansible version required is 2.12; tests have been conducted on previous versions as well. If you run into problems, please report them on GitHub.

Changelog

Check the Role History.

License

The role is licensed under Apache-2.0.

Author Information

Created by Shadow Walker.

About the project

Install and configure auditd on your system.

Install
ansible-galaxy install buluma.auditd
License
apache-2.0
Downloads
18.3k
Owner
DevOps Engineer