
Reference

Table of Contents

Classes

Public Classes

Private Classes

  • auditd::config: auditd configuration
  • auditd::package: auditd package management
  • auditd::service: auditd service management

Defined types

Data types

Classes

auditd

audit daemon

Parameters

The following parameters are available in the auditd class:

buffer_size

Data type: Integer

The buffer size to use

Default value: 8192

failure_mode

Data type: Integer

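The audit failure mode, i.e. how the kernel reacts to critical audit errors (defaults to printing a failure message). In auditctl's `-f` option, which this parameter presumably mirrors, 0 means silent, 1 means print a message and 2 means kernel panic; the Integer type itself does not restrict the range.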

Default value: 1

immutable

Data type: Boolean

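Whether the audit configuration should be made immutable. In auditd terms this is presumably the `-e 2` rule, after which the loaded rules cannot be changed until the next reboot.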

Default value: false

dir

Data type: Stdlib::Absolutepath

The auditd configuration directory path (e.g. /etc/audit)

Default value: '/etc/audit'

mode

Data type: Stdlib::Filemode

The auditd configuration directory mode

Default value: '0750'

owner

Data type: Variant[String[1], Integer]

The auditd configuration directory owner

Default value: 0

group

Data type: Variant[String[1], Integer]

The auditd configuration directory group

Default value: 0

config

Data type: Auditd::Conf

auditd.conf configuration hash

Default value: {}

config_path

Data type: Stdlib::Absolutepath

auditd.conf configuration filepath (e.g. /etc/audit/auditd.conf)

Default value: '/etc/audit/auditd.conf'

config_mode

Data type: Stdlib::Filemode

The configuration file mode

Default value: '0600'

config_owner

Data type: Variant[String[1], Integer]

The configuration file owner

Default value: 0

config_group

Data type: Variant[String[1], Integer]

The configuration file group

Default value: 0

package_name

Data type: String[1]

The package name to use

Default value: 'auditd'

package_ensure

Data type: String

The package state to set

Default value: 'installed'

package_manage

Data type: Boolean

If the auditd package should be managed

Default value: true

service_enable

Data type: Boolean

The service enable state

Default value: true

service_name

Data type: String[1]

The service name to use

Default value: 'auditd'

service_ensure

Data type: Stdlib::Ensure::Service

The service ensure state

Default value: 'running'

service_manage

Data type: Boolean

If the auditd service should be managed

Default value: true

service_override

Data type: Optional[String]

auditd service override content

Default value: undef

plugin_dir

Data type: Stdlib::Absolutepath

The plugin directory path to manage

Default value: '/etc/audit/plugins.d'

plugin_dir_mode

Data type: Stdlib::Filemode

The plugin directory mode

Default value: '0750'

plugin_dir_owner

Data type: Variant[String[1], Integer]

The plugin directory owner

Default value: 0

plugin_dir_group

Data type: Variant[String[1], Integer]

The plugin directory group

Default value: 0

plugins

Data type: Optional[Hash[String, Auditd::Plugins]]

Hash of auditd plugin configuration files to create

Default value: {}

rules_dir

Data type: Stdlib::Absolutepath

The rules directory path to manage

Default value: '/etc/audit/rules.d'

rules_dir_mode

Data type: Stdlib::Filemode

The rules directory mode

Default value: '0750'

rules_dir_owner

Data type: Variant[String[1], Integer]

The rules directory owner

Default value: 0

rules_dir_group

Data type: Variant[String[1], Integer]

The rules directory group

Default value: 0

rules_file

Data type: Stdlib::Absolutepath

The rules filepath

Default value: '/etc/audit/rules.d/audit.rules'

rules_file_mode

Data type: Stdlib::Filemode

The rules file mode

Default value: '0600'

rules_file_owner

Data type: Variant[String[1], Integer]

The rules file owner

Default value: 0

rules_file_group

Data type: Variant[String[1], Integer]

The rules file group

Default value: 0

rules

Data type: Optional[Hash[String, Auditd::Rules]]

Hash of auditd rules to set

Default value: {}

auditd::audisp

audit event dispatcher

Parameters

The following parameters are available in the auditd::audisp class:

dir

Data type: Stdlib::Absolutepath

The audisp configuration directory path

Default value: '/etc/audisp'

mode

Data type: Stdlib::Filemode

The audisp configuration directory mode

Default value: '0750'

owner

Data type: Variant[String[1], Integer]

The audisp configuration directory owner

Default value: 0

group

Data type: Variant[String[1], Integer]

The audisp configuration directory group

Default value: 0

config

Data type: Auditd::Audisp::Conf

audispd.conf configuration hash

Default value: {}

config_path

Data type: Stdlib::Absolutepath

audispd.conf file path

Default value: '/etc/audisp/audispd.conf'

config_mode

Data type: Stdlib::Filemode

audispd.conf file mode

Default value: '0600'

config_owner

Data type: Variant[String[1], Integer]

audispd.conf file owner

Default value: 0

config_group

Data type: Variant[String[1], Integer]

audispd.conf file group

Default value: 0

package_name

Data type: String[1]

The audisp plugins package name

Default value: 'audispd-plugins'

package_ensure

Data type: String

The package state to set

Default value: 'installed'

package_manage

Data type: Boolean

If the audisp plugin package should be managed

Default value: true

plugin_dir

Data type: Stdlib::Absolutepath

The plugin directory path to manage

Default value: '/etc/audisp/plugins.d'

plugin_dir_mode

Data type: Stdlib::Filemode

The plugin directory mode

Default value: '0750'

plugin_dir_owner

Data type: Variant[String[1], Integer]

The plugin directory owner

Default value: 0

plugin_dir_group

Data type: Variant[String[1], Integer]

The plugin directory group

Default value: 0

plugins

Data type: Optional[Hash[String, Auditd::Plugins]]

Hash of audisp plugin configuration files to create

Default value: {}

Defined types

auditd::plugin

Create plugin files

Parameters

The following parameters are available in the auditd::plugin defined type:

active

Data type: Enum['yes', 'no']

Set the plugin active state.

Default value: 'yes'

direction

Data type: Enum['in', 'out']

Give a clue to the event dispatcher about which direction events flow.

Default value: 'out'

path

Data type: Variant[Stdlib::Absolutepath, String]

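The absolute path to the plugin executable. Note that the data type also accepts any String, so type validation does not enforce an absolute path; because the audit daemon launches this program, check the value before applying it.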

type

Data type: Enum['builtin', 'always']

Tells the dispatcher how the plugin wants to be run.

Default value: 'always'

args

Data type: Optional[String]

Pass arguments to the child program.

Default value: undef

format

Data type: Enum['binary', 'string']

Binary or string dispatcher options.

Default value: 'string'

plugin_type

Data type: Enum['auditd', 'audisp']

The plugin type

Default value: 'auditd'

mode

Data type: Stdlib::Filemode

The file mode to apply

Default value: '0600'

owner

Data type: Variant[String, Integer]

The file owner to set

Default value: 0

group

Data type: Variant[String, Integer]

The file group to set

Default value: 0

auditd::rule

Creates auditd rules

Parameters

The following parameters are available in the auditd::rule defined type:

content

Data type: String

The rule content

Default value: ''

order

Data type: Integer[1, 1000]

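The rule priority order (between 1 and 1000). Note that the Auditd::Rules data type, used for the `rules` hash of the auditd class, restricts `order` to 1–999.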

Default value: 10

Data types

Auditd::Audisp::Conf

audispd.conf configuration file parameters

Alias of

Struct[{
    Optional['q_depth']         => Integer,
    Optional['overflow_action'] => Enum['ignore', 'IGNORE', 'syslog', 'SYSLOG', 'suspend', 'SUSPEND', 'single', 'SINGLE', 'halt', 'HALT'],
    Optional['priority_boost']  => Integer[0],
    Optional['max_restarts']    => Integer[0],
    Optional['name_format']     => Enum['none', 'NONE', 'hostname', 'HOSTNAME', 'fqd', 'FQD', 'numeric', 'NUMERIC', 'user', 'USER'],
    Optional['name']            => String,
    Optional['plugin_dir']      => Stdlib::Absolutepath,
  }]

Auditd::Conf

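auditd.conf configuration file parameters. The `tcp_listen_port`, `transport` and `enable_krb5` keys govern receiving audit records over the network; in auditd.conf, `transport` set to `tcp` means clear-text connections, while `krb5` adds Kerberos authentication and encryption.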

Alias of

Struct[{
    Optional['local_events']            => Enum['yes', 'no'],
    Optional['log_file']                => Stdlib::Absolutepath,
    Optional['write_logs']              => Enum['yes', 'no'],
    Optional['log_format']              => Enum['raw', 'RAW', 'enriched', 'ENRICHED'],
    Optional['log_group']               => Variant[Integer, String[1]],
    Optional['priority_boost']          => Integer[0],
    Optional['flush']                   => Enum['none', 'NONE', 'incremental', 'INCREMENTAL', 'incremental_async', 'INCREMENTAL_ASYNC', 'data', 'DATA', 'sync', 'SYNC'],
    Optional['freq']                    => Integer[0],
    Optional['dispatcher']              => String,
    Optional['disp_qos']                => Enum['lossy', 'LOSSY', 'lossless', 'LOSSLESS'],
    Optional['num_logs']                => Integer[0, 999],
    Optional['name_format']             => Enum['none', 'NONE', 'hostname', 'HOSTNAME', 'fqd', 'FQD', 'numeric', 'NUMERIC', 'user', 'USER'],
    Optional['name']                    => String,
    Optional['max_log_file']            => Integer,
    Optional['max_log_file_action']     => Enum['ignore', 'IGNORE', 'syslog', 'SYSLOG', 'suspend', 'SUSPEND', 'rotate', 'ROTATE', 'keep_logs', 'KEEP_LOGS'],
    Optional['verify_email']            => Enum['yes', 'no'],
    Optional['action_mail_acct']        => Variant[String, Stdlib::Email],
    Optional['space_left']              => Integer,
    Optional['space_left_action']       => Enum['ignore', 'IGNORE', 'syslog', 'SYSLOG', 'rotate', 'ROTATE', 'email', 'EMAIL', 'exec', 'EXEC', 'suspend', 'SUSPEND', 'single', 'SINGLE', 'halt', 'HALT'],
    Optional['admin_space_left']        => Variant[Integer, String],
    Optional['admin_space_left_action'] => Enum['ignore', 'IGNORE', 'syslog', 'SYSLOG', 'rotate', 'ROTATE', 'email', 'EMAIL', 'exec', 'EXEC', 'suspend', 'SUSPEND', 'single', 'SINGLE', 'halt', 'HALT'],
    Optional['disk_full_action']        => Enum['ignore', 'IGNORE', 'syslog', 'SYSLOG', 'rotate', 'ROTATE', 'exec', 'EXEC', 'suspend', 'SUSPEND', 'single', 'SINGLE', 'halt', 'HALT'],
    Optional['disk_error_action']       => Enum['ignore', 'IGNORE', 'syslog', 'SYSLOG', 'exec', 'EXEC', 'suspend', 'SUSPEND', 'single', 'SINGLE', 'halt', 'HALT'],
    Optional['tcp_listen_port']         => Integer[1,65535],
    Optional['tcp_listen_queue']        => Integer,
    Optional['tcp_max_per_addr']        => Integer[1,1024],
    Optional['use_libwrap']             => Enum['yes', 'no'],
    Optional['tcp_client_ports']        => Variant[Integer, String],
    Optional['tcp_client_max_idle']     => Integer,
    Optional['transport']               => Enum['tcp', 'TCP', 'krb5', 'KRB5'],
    Optional['enable_krb5']             => Enum['yes', 'no'],
    Optional['krb5_principal']          => String,
    Optional['krb5_key_file']           => Stdlib::Absolutepath,
    Optional['distribute_network']      => Enum['yes', 'no'],
    Optional['q_depth']                 => Integer,
    Optional['overflow_action']         => Enum['ignore', 'IGNORE', 'syslog', 'SYSLOG', 'suspend', 'SUSPEND', 'single', 'SINGLE', 'halt', 'HALT'],
    Optional['max_restarts']            => Integer[0],
    Optional['plugin_dir']              => Stdlib::Absolutepath,
    Optional['end_of_event_timeout']    => Integer[0],
  }]

Auditd::Plugins

auditd plugin parameters

Alias of

Struct[{
    Optional['active']      => Enum['yes', 'no'],
    Optional['direction']   => Enum['in', 'out'],
    'path'                  => Variant[Stdlib::Absolutepath, String],
    Optional['type']        => Enum['builtin', 'always'],
    Optional['args']        => String,
    Optional['format']      => Enum['binary', 'string'],
    Optional['plugin_type'] => Enum['auditd', 'audisp'],
    Optional['mode']        => Stdlib::Filemode,
    Optional['owner']       => Variant[String, Integer],
    Optional['group']       => Variant[String, Integer],
  }]

Auditd::Rules

auditd rule parameters

Alias of

Struct[{
    Optional['content'] => String,
    Optional['order']   => Integer[1, 999],
  }]