auditd

Actions Status - Master Actions Status - Devel

Linux auditd ansible role

Ansible role to setup and configure linux auditd.

Possible visualization with R.

Requirements & Dependencies

Ansible

It was tested on the following versions:

  • 2.2
  • 2.5
  • 2.10

Operating systems

  • Ubuntu 16.04, 18.04, 20.04
  • Centos 7, 8
  • Suse 12.x, 15.x

Example Playbook

Just include this role in your list. For example

- hosts: all
  roles:
    - juju4.auditd

Variables

Nothing specific for now.

Continuous integration

This role has a travis basic test (for github), more advanced with kitchen and also a Vagrantfile (test/vagrant). Default kitchen config (.kitchen.yml) is lxd-based, while (.kitchen.vagrant.yml) is vagrant/virtualbox based.

Once you ensured all necessary roles are present, You can test with:

$ gem install kitchen-ansible kitchen-lxd_cli kitchen-sync kitchen-vagrant
$ cd /path/to/roles/juju4.auditd
$ kitchen verify
$ kitchen login
$ KITCHEN_YAML=".kitchen.vagrant.yml" kitchen verify

or

$ cd /path/to/roles/juju4.auditd/test/vagrant
$ vagrant up
$ vagrant ssh

Troubleshooting & Known issues

  • As auditd is linked to the kernel, role will not do any change when executed inside containers.

  • watchdog: BUG: soft lockup - CPU#0 stuck for Xs! [kauditd:22], audit: backlog limit exceeded, audit: kauditd hold queue overflow observed even with grub audit_backlog_limit=8192 added variable auditd_grub_enable and default false. Use carefully. kauditd hold queue overflow in 4.11, Sep 2017 Event overflow during boot, May 2017

References

License

BSD 2-clause

About

Linux auditd install and configuration

Install
ansible-galaxy install PrymalInstynct/ansible_auditd
GitHub repository
License
bsd-2-clause
Downloads
20