Closed bdwyertech closed 7 years ago
@tas50 no love?
Sorry for the delay here. Thanks for the tests. We'll have to figure something out with dokken or just remove that
No problem @tas50 I know your busy as hell, you're in commit trails all over the place
Yeh, the regular kitchen-vagrant tests work alright, if Dokken gets a little more polished e.g. GitLab CI fixed I'll see if I can get it working in my own tests and contribute back.
/etc/audit/rules.d/
This should address #30
Background
augenrules
is enabled by default, which builds/etc/audit/audit.rules
with rules from/etc/audit/rules.d/
Also, I tried simply swapping to
:reload
for RHEL, but you need a restart to make this stuff work;:reload
did not seem to trigger/etc/audit/audit.rules
generation. It seems within in the past two years or so, the ability to restart auditd using systemctl was disabled. 2-3 years ago I had a branch of this cookbook that only needed a rulefile location swap to function; that is no longer the case.Finally, I threw some crappy inspec tests in here to smoke test the content of
/etc/audit/audit.rules
. A successful Chef run can be misleading when the ruleset is dynamically generated -- Years ago I was running this for a month or so before I realized all the rules weren't active.Final Note -- I don't think you can test this with Dokken -- I tried, and
auditd
is just all kinds of FUBAR in Docker.