Book Image

Learning Puppet Security

Book Image

Learning Puppet Security

Overview of this book

Table of Contents (17 chapters)
Learning Puppet Security
About the Author
About the Reviewers

Configuring auditd with community modules

Auditd has many less available community modules. This is likely due to its very simple nature—configuring can be done with a simple file module and a couple of packages in most cases. Nonetheless, let's take a look at a community module that will manage your configuration for you. It even provides a decent base ruleset and contains very powerful customization options.

We'll be looking at the evenup/auditd module here. As mentioned previously, it has most of the auditd options exposed and provides a decent default ruleset with the option to override. We'll start by installing it:

sudo puppet module install evenup-auditd

The module contains a single entry point, the main auditd class that accepts four parameters. They are as follows:




The module supports using Beaver to process auditd log files (Beaver is a log shipper for Logstash). It can be beaver or null.


This is the path to the rules file – defaults...