Closed fabianfrz closed 7 years ago
Can you be more clear about what your issue is exactly? I don't follow the bulk of your post.
The title is straightforward enough, though I am not sure what the benefit is - pull requests are of course welcome.
This line here will delete all rules from auditd: https://github.com/kemra102/puppet-auditd/blob/master/templates/audit.rules.begin.fragment.erb#L2
If you want to create a configuration like this: base.pp service.pp
service.pp will delete the rules from base.pp because of the "-D" on top of each file
> This line here will delete all rules from auditd:
> https://github.com/kemra102/puppet-auditd/blob/master/templates/audit.rules.begin.fragment.erb#L2
Correct
> If you want to create a configuration like this:
> base.pp
> service.pp
> service.pp will delete the rules from base.pp because of the "-D" on top of each file
Was this supposed to link to something? There is no base.pp or service.pp in this module.
Just guessing as to what may be in these files, I don't see any way in which the rules will be deleted more than once as the initial concat fragment only gets written once.
Again my apologies but it's not clear to me what is being asked here.
Those files are an example of how to create the rules with multiple puppet manifests so you have a manifest for the system itself and some for the other stuff. When you do that, each will generate a rules file and each will have the -D on top. When auditd is started, it will concatenate all files in the rules directory.
I'm not sure I see the issue still. If you are able to share the content of those files it might help.
Normally the way you'd use a module like this is to say have something like:
base.pp:
```puppet
class { '::auditd':
  space_left_action       => 'email',
  action_mail_acct        => 'secadmin@example.com',
  admin_space_left_action => 'halt',
  max_log_file_action     => 'keep_logs',
  rules                   => {
    'watch for changes to passwd file' => {
      content => '-w /etc/passwd -p wa -k identity',
      order   => 1,
    },
    'watch for changes to hosts file'  => {
      content => '-w /etc/hosts -p wa -k system-locale',
      order   => 2,
    },
  },
}
```
service.pp:
```puppet
auditd::rule { 'check puppet config for changes':
  content => '-w /etc/puppet/ -p wa -k puppet_config_changes',
  order   => 1,
}
auditd::rule { 'check puppet data for changes':
  content => '-w /var/lib/puppet/ -p wa -k puppet_data_changes',
  order   => 2,
}
```
This will mean that the -D rule will only occur once, nodes that do not include service.pp will have the base rules only, but nodes that DO include service.pp will have the additional rules as well.
It is the file containing the static header so this header does not need to be removed via exec.
It would delete the rules while using multiple auditd configuration files when audit concatenates them.
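Added example, not part of the thread or the module: a small checker that replays several audit rule files and reports which rules a later `-D` would remove. It assumes plain concatenation in sorted filename order, as the thread describes; the file names and sample contents are constructed, and `simulate_load` and `read_rules_dir` are hypothetical helper names.

```python
import re
from pathlib import Path

# Constructed sample mirroring the thread: two rule files, each starting with -D.
SAMPLE_FILES = {
    "10-base.rules": "-D\n-w /etc/passwd -p wa -k identity\n"
                     "-w /etc/hosts -p wa -k system-locale\n",
    "20-service.rules": "-D\n-w /etc/puppet/ -p wa -k puppet_config_changes\n"
                        "-w /var/lib/puppet/ -p wa -k puppet_data_changes\n",
}

DELETE_ALL = re.compile(r"^-D(\s|$)")   # auditctl -D: delete all loaded rules
RULE = re.compile(r"^-[waA]\s")         # file watch (-w) or syscall rule (-a/-A)


def read_rules_dir(path):
    """Map file name -> text for every *.rules file in a directory."""
    return {p.name: p.read_text() for p in Path(path).glob("*.rules")}


def simulate_load(files):
    """Replay the files in sorted-name order, top to bottom.

    Returns (active, wiped): rules still loaded at the end, and rules that a
    later -D removed, each paired with the file:line of that -D.
    """
    active, wiped = [], []
    for name in sorted(files):
        for lineno, raw in enumerate(files[name].splitlines(), 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            if DELETE_ALL.match(line):
                wiped += [(rule, f"{name}:{lineno}") for rule in active]
                active = []
            elif RULE.match(line):
                active.append((name, line))
    return active, wiped


if __name__ == "__main__":
    active, wiped = simulate_load(SAMPLE_FILES)
    for (src, rule), culprit in wiped:
        print(f"LOST  {src}: {rule}  (deleted by -D at {culprit})")
    for src, rule in active:
        print(f"KEPT  {src}: {rule}")
```

Passing the result of `read_rules_dir()` for a real rules directory to `simulate_load()` shows whether any watch would be silently dropped before the configuration is deployed.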