Open pulsejets opened 6 years ago
I suspect you're getting the same error I am:
I noticed that in audtid::rule, the rule fragment target is coded to $auditd::params::rules_file instead of to $auditd::rules_file, so if you specify any value besides the default for $rules_file, it won't be able to find a concat for rules. This is because it's trying to use the default value for $rules_file on the fragments and the value you specified for the concat.
Hi I only get at audit.rules.prev , in /etc/audit , and it doesn't load it os debian 9
I have tried with rules_file =>'/etc/audit/rules.d/puppet.rules' , manage_audit_files => true
then i get get a concat warning
/Stage[main]/Auditd/Auditd::Rule[watch for changes to passwd file]/Concat::Fragment[auditd_fragment_watch for changes to passwd file]/Concat_fragment[auditd_fragment_watch for changes to passwd file]: Target Concat_file with path or title '/etc/audit/audit.rules' or tag '_etc_audit_audit.rules not found in the catalog
class { 'auditd': log_file => '/var/log/audit.log', rules => { 'watch for changes to passwd file' => { content => '-w /etc/passwd -p wa -k identity', order => 1, }, } }
}