From 27702e58341500f64fc1523bc9feb483e1ab6fb2 Mon Sep 17 00:00:00 2001 From: Jordan Wesolowski <jrwesolo@gmail.com> Date: Mon, 19 Dec 2016 15:49:41 -0700 Subject: [PATCH] add support for write_logs option This option is available in audit >= 2.5.2. `log_format = NOLOG` has been deprecated. Instead, using `write_logs = no` is preferred. Details can be seen here: https://people.redhat.com/sgrubb/audit/ChangeLog. By having the option default to `undef`, we can maintain backwards-compatibility for everyone. --- README.md | 6 ++++++ manifests/init.pp | 11 +++++++++++ manifests/params.pp | 1 + templates/auditd.conf.erb | 3 +++ 4 files changed, 21 insertions(+) diff --git a/README.md b/README.md index 16ddb36..84af233 100644 --- a/README.md +++ b/README.md @@ -277,6 +277,12 @@ This keyword specifies the group that is applied to the log file's permissi Default: `root` +#### `write_logs` + +This yes/no keyword determines whether or not to write logs to the disk. There are two options: yes and no. It is meant to replace the usage of `log_format = NOLOG`. This will default to undef since it is only available in version >= 2.5.2. + +Default: `undef` + #### `priority_boost` This is a non-negative number that tells the audit damon how much of a priority boost it should take. The default is 3. No change is 0. diff --git a/manifests/init.pp b/manifests/init.pp index 43ec1ae..af47741 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -34,6 +34,12 @@ # permissions. The default is root. The group name can be either numeric # or spelled out. # +# [*write_logs*] +# This yes/no keyword determines whether or not to write logs to the disk. +# There are two options: yes and no. It is meant to replace the usage of +# log_format = NOLOG. This will default to undef since it is only available +# in version >= 2.5.2. +# # [*priority_boost*] # This is a non-negative number that tells the audit damon how much of # a priority boost it should take. The default is 3. No change is 0. @@ -321,6 +327,7 @@ $log_file = $::auditd::params::log_file, $log_format = $::auditd::params::log_format, $log_group = $::auditd::params::log_group, + $write_logs = $::auditd::params::write_logs, $priority_boost = $::auditd::params::priority_boost, $flush = $::auditd::params::flush, $freq = $::auditd::params::freq, @@ -379,6 +386,10 @@ validate_re($log_format, '^(RAW|NOLOG)$', "${log_format} is not supported for log_format. Allowed values are 'RAW' and 'NOLOG'.") validate_string($log_group) + if $write_logs != undef { + validate_re($write_logs, '^(yes|no)$', + "${write_logs} is not supported for write_logs. Allowed values are 'yes' and 'no'.") + } validate_integer($priority_boost) validate_re($flush, '^(none|incremental|data|sync)$', "${flush} is not supported for flush. Allowed values are 'none', 'incremental', 'data' and 'sync'.") diff --git a/manifests/params.pp b/manifests/params.pp index 1d7d680..16e8286 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -76,6 +76,7 @@ $log_file = '/var/log/audit/audit.log' $log_format = 'RAW' $log_group = 'root' + $write_logs = undef $priority_boost = '4' $flush = 'incremental' $freq = '20' diff --git a/templates/auditd.conf.erb b/templates/auditd.conf.erb index 72394b8..7585170 100644 --- a/templates/auditd.conf.erb +++ b/templates/auditd.conf.erb @@ -4,6 +4,9 @@ log_file = <%= @log_file %> log_format = <%= @log_format %> log_group = <%= @log_group %> +<% unless @write_logs.nil? %> +write_logs = <%= @write_logs %> +<% end -%> priority_boost = <%= @priority_boost %> flush = <%= @flush %> freq = <%= @freq %>