Versions prior to 0.3.1 contained a serious bug which could cause audit rules to be silently ignored. Please see this advisory.
This module installs and configures auditd. It also provides a defined type(auditd::rule
) to set up auditd rules.
Include with default parameters and add a rule:
include auditd
auditd::rule { 'use-of-auditctl':
content => '-w /sbin/auditctl -p x -k audittools',
order => '66',
}
See LICENSE file.