Auditd has many less available community modules. This is likely due to its very simple nature—configuring can be done with a simple file module and a couple of packages in most cases. Nonetheless, let's take a look at a community module that will manage your configuration for you. It even provides a decent base ruleset and contains very powerful customization options.
We'll be looking at the evenup/auditd module here. As mentioned previously, it has most of the auditd options exposed and provides a decent default ruleset with the option to override. We'll start by installing it:
sudo puppet module install evenup-auditd
The module contains a single entry point, the main auditd
class that accepts four parameters. They are as follows: