search

kemra102 / puppet-auditd

Manage the audit daemon and it's rules.
BSD 2-Clause "Simplified" License
14 stars 54 forks source link

RFE : Cope with RHEL8 (audit 3.x) and its lack of audisp #63

Open stevekay opened 4 years ago

stevekay commented 4 years ago

The audit package on RHEL7 came with various /etc/audisp directories.

[steve@rhel-7-puppet ~]$ rpm -q audit
audit-2.8.4-4.el7.x86_64
[steve@rhel-7-puppet ~]$ rpm -ql audit|grep "^/etc/audisp$"
/etc/audisp
[steve@rhel-7-puppet ~]$

With the advent of audit v3.x, the audit package on RHEL8 lacks these. 

[steve@rhel-8-puppet ~]$ rpm -q audit
audit-3.0-0.10.20180831git0047a6c.el8.x86_64
[steve@rhel-8-puppet ~]$ rpm -ql audit|grep "^/etc/audisp$"
[steve@rhel-8-puppet ~]$

This leads to errors when invoking the module on RHEL8.

[steve@rhel-8-puppet ~]$ sudo /opt/puppetlabs/puppet/bin/puppet apply mysite.pp
Warning: This method is deprecated, please use the stdlib validate_legacy function,
                    with Stdlib::Compat::String. There is further documentation for validate_legacy function in the README. at ["/etc/puppetlabs/code/environments/production/modules/auditd/manifests/init.pp", 383]:["/home/steve/mysite.pp", 8]
   (location: /etc/puppetlabs/code/environments/production/modules/stdlib/lib/puppet/functions/deprecation.rb:28:in `deprecation')
Warning: This method is deprecated, please use the stdlib validate_legacy function,
                    with Stdlib::Compat::Absolute_Path. There is further documentation for validate_legacy function in the README. at ["/etc/puppetlabs/code/environments/production/modules/auditd/manifests/init.pp", 385]:["/home/steve/mysite.pp", 8]
   (location: /etc/puppetlabs/code/environments/production/modules/stdlib/lib/puppet/functions/deprecation.rb:28:in `deprecation')
Warning: This method is deprecated, please use the stdlib validate_legacy function,
                    with Pattern[]. There is further documentation for validate_legacy function in the README. at ["/etc/puppetlabs/code/environments/production/modules/auditd/manifests/init.pp", 386]:["/home/steve/mysite.pp", 8]
   (location: /etc/puppetlabs/code/environments/production/modules/stdlib/lib/puppet/functions/deprecation.rb:28:in `deprecation')
Warning: This method is deprecated, please use the stdlib validate_legacy function,
                    with Stdlib::Compat::Integer. There is further documentation for validate_legacy function in the README. at ["/etc/puppetlabs/code/environments/production/modules/auditd/manifests/init.pp", 393]:["/home/steve/mysite.pp", 8]
   (location: /etc/puppetlabs/code/environments/production/modules/stdlib/lib/puppet/functions/deprecation.rb:28:in `deprecation')
Warning: This method is deprecated, please use the stdlib validate_legacy function,
                    with Stdlib::Compat::Bool. There is further documentation for validate_legacy function in the README. at ["/etc/puppetlabs/code/environments/production/modules/auditd/manifests/init.pp", 437]:["/home/steve/mysite.pp", 8]
   (location: /etc/puppetlabs/code/environments/production/modules/stdlib/lib/puppet/functions/deprecation.rb:28:in `deprecation')
Notice: Compiled catalog for rhel-8-puppet.europe-west2-c.c.automation-243819.internal in environment production in 0.20 seconds
Error: Could not set 'file' on ensure: No such file or directory @ dir_s_mkdir - /etc/audisp/audispd.conf20190803-6695-1ng1c9l.lock (file: /etc/puppetlabs/code/environments/production/modules/auditd/manifests/init.pp, line: 499)
Error: Could not set 'file' on ensure: No such file or directory @ dir_s_mkdir - /etc/audisp/audispd.conf20190803-6695-1ng1c9l.lock (file: /etc/puppetlabs/code/environments/production/modules/auditd/manifests/init.pp, line: 499)
Wrapped exception:
No such file or directory @ dir_s_mkdir - /etc/audisp/audispd.conf20190803-6695-1ng1c9l.lock
Error: /Stage[main]/Auditd/File[/etc/audisp/audispd.conf]/ensure: change from 'absent' to 'file' failed: Could not set 'file' on ensure: No such file or directory @ dir_s_mkdir - /etc/audisp/audispd.conf20190803-6695-1ng1c9l.lock (file: /etc/puppetlabs/code/environments/production/modules/auditd/manifests/init.pp, line: 499)
Error: Could not set 'file' on ensure: No such file or directory @ dir_s_mkdir - /etc/audisp/plugins.d/af_unix.conf20190803-6695-wvcpf4.lock (file: /etc/puppetlabs/code/environments/production/modules/auditd/manifests/audisp/plugin.pp, line: 30)
Error: Could not set 'file' on ensure: No such file or directory @ dir_s_mkdir - /etc/audisp/plugins.d/af_unix.conf20190803-6695-wvcpf4.lock (file: /etc/puppetlabs/code/environments/production/modules/auditd/manifests/audisp/plugin.pp, line: 30)
Wrapped exception:
No such file or directory @ dir_s_mkdir - /etc/audisp/plugins.d/af_unix.conf20190803-6695-wvcpf4.lock
Error: /Stage[main]/Auditd::Audisp::Af_unix/Auditd::Audisp::Plugin[af_unix]/File[/etc/audisp/plugins.d/af_unix.conf]/ensure: change from 'absent' to 'file' failed: Could not set 'file' on ensure: No such file or directory @ dir_s_mkdir - /etc/audisp/plugins.d/af_unix.conf20190803-6695-wvcpf4.lock (file: /etc/puppetlabs/code/environments/production/modules/auditd/manifests/audisp/plugin.pp, line: 30)
Notice: /Stage[main]/Auditd/Service[auditd]: Dependency File[/etc/audisp/audispd.conf] has failures: true
Notice: /Stage[main]/Auditd/Service[auditd]: Dependency File[/etc/audisp/plugins.d/af_unix.conf] has failures: true
Warning: /Stage[main]/Auditd/Service[auditd]: Skipping because of failed dependencies
Notice: Applied catalog in 0.23 seconds
[steve@rhel-8-puppet ~]$

If this module continues to be maintained, request that the code be revised to cater for this scenario.

ybrock commented 4 years ago

I couldn't agree more. Same problem here.