Ansible Role: sys_audit

An Ansible Role to install and configure audit.

Motivation

Audit is a very common tool for auditing systems and changes in RedHat('ish) Linux Environments.

Description

This role installs and configures audit.

install audit
configure to local log
configure to receive logs
configure to send logs

Requirements

Used Modules:

Installation

Install from Ansible Galaxy

ansible-galaxy install while_true_do.sys_audit

Install from Github

git clone https://github.com/while-true-do/ansible-role-sys_audit.git while_true_do.sys_audit

Usage

Role Variables

---
# defaults file for while_true_do.srv_audit

## Package Management
wtd_sys_audit_package: "audit"
# State can be present|latest|absent
wtd_sys_audit_package_state: "present"

## Configuration Management
# Consult 'man audit.conf' for detailed information
wtd_sys_audit_conf: []
# local_events: "yes"
# write_logs: "yes"
# log_file: "/var/log/audit/audit.log"
# log_group: "root"
# log_format: "ENRICHED"
# flush: "INCREMENTAL_ASYNC"
# freq: "50"
# max_log_file: "8"
# num_logs: "5"
# priority_boost: "4"
# name_format: "NONE"
# name: "mydomain"
# max_log_file_action: "ROTATE"
# space_left: "75"
# space_left_action: "SYSLOG"
# verify_email: "yes"
# action_mail_acct: "root"
# admin_space_left: "50"
# admin_space_left_action: "SUSPEND"
# disk_full_action: "SUSPEND"
# disk_error_action: "SUSPEND"
# use_libwrap: "yes"
# tcp_listen_port: "60"
# tcp_listen_queue: "5"
# tcp_max_per_addr: "1"
# tcp_client_ports: "1024-65535"
# tcp_client_max_idle: "0"
# transport: "TCP"
# krb5_principal: "auditd"
# krb5_key_file: "/etc/audit/audit.key"
# distribute_network: "no"
# q_depth: "400"
# overflow_action: "SYSLOG"
# max_restarts: "10"

# Consult 'man audit.rules' for detailed information
# Examples in "/usr/share/doc/audit/rules/"
wtd_sys_audit_rules: []
# - "-w /etc/passwd -p wa -k passwd_changes"
# - "-w /etc/selinux/ -p wa -k selinux_changes"
# - "-w /sbin/insmod -p x -k module_insertion"

## Service Management
wtd_sys_audit_service: "auditd"
# State can be started|stopped
wtd_sys_audit_service_state: "started"
wtd_sys_audit_service_enabled: true

Example Playbook

Running Ansible Roles can be done in a playbook.

Simple

---
- hosts: all
  roles:
    - role: while_true_do.sys_audit

Known Issues

RedHat Testing is currently not possible in public, due to limitations in subscriptions.
Some services and features cannot be tested properly, due to limitations in docker.

Testing

Most of the "generic" tests are located in the Test Library.

Ansible specific testing is done with Molecule.

Infrastructure testing is done with testinfra.

Automated testing is done with Travis CI.

Contribute

Thank you so much for considering to contribute. We are very happy, when somebody is joining the hard work. Please fell free to open Bugs, Feature Requests or Pull Requests after reading the Contribution Guideline.

See who has contributed already in the kudos.txt.

License

This work is licensed under a BSD-3-Clause License.

while-true-do / ansible-role-sys_audit Goto Github PK