REFERENCE.md
Reference

Table of Contents

Classes

  • aide: Sets up a functioning AIDE system. Many parameters were plucked directly from the aide.conf(5) man page.
  • aide::default_rules: A helper class to keep the main AIDE class relatively readable.
  • aide::logrotate: A class that sets up the logrotate state for aide.
  • aide::set_schedule: Sets a schedule for AIDE to run a check on your system
  • aide::syslog: Persist aide syslog log messages, including report output, to a local file.

Defined types

  • aide::rule: This define adds rules to the AIDE configuration. Rules are added to /etc/aide.conf.d unless otherwise specified.

Data types

  • Aide::Rotateperiod: The AIDE rotation period
  • Aide::SyslogFacility: The AIDE syslog facility

Classes

aide

Sets up a functioning AIDE system.

Many parameters were plucked directly from the aide.conf(5) man page.

Parameters

The following parameters are available in the aide class:

dbdir

Data type: Stdlib::Absolutepath

The AIDE database directory, DBDIR.

Default value: '/var/lib/aide'

logdir

Data type: Stdlib::Absolutepath

The AIDE log directory, LOGDIR.

Default value: '/var/log/aide'

database_name

Data type: String

The name of the database file within DBDIR.

Default value: 'aide.db.gz'

database_out_name

Data type: String

The name of the database out file within DBDIR.

Default value: 'aide.db.new.gz'

gzip_dbout

Data type: Variant[Enum['yes','no'],Boolean]

Whether to compress the output database.

Default value: 'yes'

verbose

Data type:

Variant[
    Integer[0, 255],
    Pattern[/\A(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\z/]
  ]

The verbosity of the output messages.

Default value: 5

report_urls

Data type: Array[String]

An array of report URLs. A syslog report URL will be automatically added to this list when syslog is set to true.

Default value: [ 'file:@@{LOGDIR}/aide.report']

aliases

Data type: Array[String]

A set of common aliases that may be used within the AIDE configuration file. It is not recommended that these be changed.

ruledir

Data type: Stdlib::Absolutepath

The directory to include for all additional rules.

Default value: '/etc/aide.conf.d'

rules

Data type: Variant[Hash,Array[String]]

A hash of aide::rule resources to create, keyed by resource title, with each value holding that rule's parameters. In previous versions this parameter took an array of rule files to include; inclusion of the rule directory is now automatic, so passing an array is deprecated, has no effect, and may be rejected outright in a future release of this module.

Default value: {}

enable

Data type: Boolean

Whether or not to enable AIDE to run on a periodic schedule. Enabling this meets CCE-27222-9.

This is 'false' by default because a full AIDE check is CPU- and I/O-intensive; enable it only after you understand the performance impact on the host.

Default value: false

minute

Data type: Simplib::Cron::Minute

minute cron parameter for when the AIDE check is run

Default value: fqdn_rand(59)

hour

Data type: Simplib::Cron::Hour

hour cron parameter for when the AIDE check is run

Default value: 4

monthday

Data type: Simplib::Cron::Monthday

monthday cron parameter for when the AIDE check is run

Default value: '*'

month

Data type: Simplib::Cron::Month

month cron parameter for when the AIDE check is run

Default value: '*'

weekday

Data type: Simplib::Cron::Weekday

weekday cron parameter for when the AIDE check is run

Default value: 0

cron_method

Data type: Enum['root', 'etc', 'systemd']

Set to the preferred method for scheduling the job:

  • systemd => systemd timer (default)
  • root => root's crontab (legacy)
  • etc => /etc/crontab (scanner compat)

Methods that are not selected will be disabled.

Default value: 'systemd'

systemd_calendar

Data type: Optional[String[1]]

An exact systemd calendar string

  • Overrides all other scheduling parameters
  • Will not be validated

Default value: undef

cron_command

Data type: String[1]

command cron parameter for when AIDE check is run

Default value: '/bin/nice -n 19 /usr/sbin/aide --check'

default_rules

Data type: Variant[Array[String[1]],String]

A set of default rules to include. If this is set, the internal defaults will be overridden.

logrotate

Data type: Boolean

Whether to use logrotate. If set to 'true', Hiera can be used to set the variables in aide::logrotate

Default value: simplib::lookup('simp_options::logrotate', { 'default_value' => false})

rotate_period

Data type: Aide::Rotateperiod

The logrotate period at which to rotate the logs.

Default value: 'weekly'

rotate_number

Data type: Integer

The number of log files to preserve on the system.

Default value: 4

syslog

Data type: Boolean

Whether to send the AIDE output to syslog in addition to the local report file. Use Hiera to set the parameters of aide::syslog if the defaults do not suit your environment.

Default value: simplib::lookup('simp_options::syslog', { 'default_value' => false })

syslog_facility

Data type: Aide::SyslogFacility

The syslog facility to use for the AIDE output syslog messages.

Default value: 'LOG_LOCAL6'

auditd

Data type: Boolean

Whether to add rules for changes to the aide configuration.

Default value: simplib::lookup('simp_options::auditd', { 'default_value' => false })

aide_init_timeout

Data type: Integer

Maximum time, in seconds, to wait for the AIDE database initialization to complete. Single-processor hosts get a longer timeout because the initial scan is slow there.

Default value: $facts['processors']['count'] ? { 1 => 1200, default => 300 }

package_ensure

Data type: String

The ensure status of packages to be managed

Default value: simplib::lookup('simp_options::package_ensure', { 'default_value' => 'installed' })
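The following manifest is an added example, not code from the simp/aide module or its documentation. It shows how the scheduling, syslog and logrotate parameters documented above combine for three hosts. The host names, the calendar string and the cron times are placeholders; the use of '*' for weekday assumes the Simplib cron types accept it the way the cron fields they model do.

```puppet
# Added example (not part of the simp/aide module). Three node definitions
# that exercise the aide class parameters documented above.

# Default path: a systemd timer every Sunday at 04:<fqdn_rand(59)>, the
# report also copied to syslog on LOG_LOCAL6 and rotated weekly, and auditd
# rules watching the AIDE configuration for changes.
node 'app01.example.com' {
  class { 'aide':
    enable          => true,
    cron_method     => 'systemd',   # the default; shown for contrast below
    hour            => 4,
    weekday         => 0,           # Sunday; minute keeps fqdn_rand(59)
    cron_command    => '/bin/nice -n 19 /usr/sbin/aide --check',
    syslog          => true,
    syslog_facility => 'LOG_LOCAL6',
    logrotate       => true,
    rotate_period   => 'weekly',
    rotate_number   => 4,
    auditd          => true,
  }
}

# Compliance-scanner path: scanners that look for an AIDE entry in
# /etc/crontab need cron_method => 'etc'. The module then disables the
# systemd timer and any root crontab entry it previously managed.
# weekday => '*' turns the weekly default into a daily 02:30 check.
node 'scanned01.example.com' {
  class { 'aide':
    enable      => true,
    cron_method => 'etc',
    minute      => 30,
    hour        => 2,
    weekday     => '*',
  }
}

# Exact systemd calendar: overrides minute/hour/monthday/month/weekday and
# is written to the timer without validation, so confirm it first with
#   systemd-analyze calendar 'Sat *-*-* 03:15:00'
node 'lab01.example.com' {
  class { 'aide':
    enable           => true,
    cron_method      => 'systemd',
    systemd_calendar => 'Sat *-*-* 03:15:00',
  }
}
```

Because enable is false by default, none of the schedules above is installed unless enable => true is set as shown; the rest of the module (package, configuration, database initialization) is managed regardless.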

aide::default_rules

A helper class to keep the main AIDE class relatively readable.

Parameters

The following parameters are available in the aide::default_rules class:

default_rules

Data type: Variant[Array[String[1]],String]

A set of default rules to include. If this is set, the internal defaults will be overridden.

Default value: $aide::default_rules

ruledir

Data type: Stdlib::Absolutepath

The directory in which the default rules file will be written.

Default value: $aide::ruledir

aide::logrotate

A class that sets up the logrotate state for aide.

Parameters

The following parameters are available in the aide::logrotate class:

logdir

Data type: Stdlib::Absolutepath

Directory containing the logs to be rotated. The logs in that directory are assumed to end with '.log'.

Default value: $::aide::logdir

rotate_period

Data type: Aide::Rotateperiod

The logrotate period at which to rotate the logs.

Default value: $::aide::rotate_period

rotate_number

Data type: Integer

The number of log files to preserve on the system.

Default value: $::aide::rotate_number

aide::set_schedule

Sets a schedule for AIDE to run a check on your system

Parameters

The following parameters are available in the aide::set_schedule class:

method

Data type: Enum['root', 'etc', 'systemd']

How you wish to schedule the run

Default value: pick(getvar('aide::cron_method'), 'systemd')

systemd_calendar

Data type: Optional[String[1]]

If $method is systemd, set this exact calendar string

The string is not validated by this module; run systemd-analyze calendar on a system with a recent systemd to confirm that it parses as you intend before deploying it.

Default value: getvar('aide::systemd_calendar')

minute

Data type: Simplib::Cron::Minute

minute cron parameter

Default value: pick(getvar('aide::minute'), fqdn_rand(59))

hour

Data type: Simplib::Cron::Hour

hour cron parameter

Default value: pick(getvar('aide::hour'), 4)

monthday

Data type: Simplib::Cron::Monthday

monthday cron parameter

Default value: pick(getvar('aide::monthday'), '*')

month

Data type: Simplib::Cron::Month

month cron parameter

Default value: pick(getvar('aide::month'), '*')

weekday

Data type: Simplib::Cron::Weekday

weekday cron parameter

Default value: pick(getvar('aide::weekday'), 0)

command

Data type: String

command cron parameter

Default value: pick(getvar('aide::cron_command'), '/bin/nice -n 19 /usr/sbin/aide --check')

aide::syslog

Persist aide syslog log messages, including report output, to a local file.

Parameters

The following parameters are available in the aide::syslog class:

logdir

Data type: Stdlib::Absolutepath

The AIDE log directory.

Default value: $::aide::logdir

Defined types

aide::rule

This define adds rules to the AIDE configuration. Rules are added to /etc/aide.conf.d unless otherwise specified.

Examples

Rule to ignore changes to /tmp
aide::rule { 'tmp':
  rules => '!/tmp'
}

Parameters

The following parameters are available in the aide::rule defined type:

name

Data type: String

The resource title. It is used to name the rule file written into ruledir, so it must be unique across all aide::rule resources.

rules

Data type: String

The actual string that should be written into the rules file. Leading spaces are stripped so that you can format your manifest in a more readable fashion.

ruledir

Data type: Stdlib::Absolutepath

The directory within which all additional rules should be written. This MUST match the ruledir parameter of the aide class; rule files written anywhere else are not included in the generated AIDE configuration.

Default value: '/etc/aide.conf.d'

order

Data type: String

Order of aide rules can be significant. This parameter can be used to control the order of included rule files.

Default value: '999'
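The manifest below is an added example, not code from the simp/aide module, showing how several aide::rule resources use order to control the sequence of the files in ruledir and how the leading-space stripping lets the rule text be indented. The group names WebContent and Binaries and the paths are assumptions chosen for illustration; the attribute letters are those of aide.conf(5), and whether a given digest (sha512 here) is available depends on how your AIDE binary was built. The same three resources could equally be passed through the aide class's rules hash, keyed by title.

```puppet
# Added example (not part of the simp/aide module). Custom AIDE rules
# delivered as ordered files under /etc/aide.conf.d via aide::rule.

# A rule group must be defined before any selection line that uses it, so
# this resource gets a low 'order' and therefore an early file name.
aide::rule { 'custom_groups':
  order => '050',
  rules => '
    # Content and ownership of web assets matter, but atomic redeploys
    # replace the files, so inode, mtime and ctime are left out.
    WebContent = p+u+g+s+sha256
    # Locally installed binaries: full metadata plus two digests.
    Binaries = p+i+n+u+g+s+b+m+c+acl+selinux+xattrs+sha256+sha512
  ',
}

# Selection lines that reference the groups above. Leading spaces on every
# line are stripped by the define, so the indentation here is cosmetic.
aide::rule { 'web_and_local_bins':
  order => '100',
  rules => '
    /srv/www       WebContent
    /usr/local/bin Binaries
    /usr/local/sbin Binaries
  ',
}

# Exclusions for volatile paths that would otherwise fill every report.
# The default order of 999 is fine here; "!" lines take no group.
aide::rule { 'volatile':
  rules => '
    !/srv/www/cache
    !/var/tmp
  ',
}
```

Each resource writes one file into ruledir and the module regenerates the AIDE database when a rule file changes, so keep the exclusions tight: an over-broad "!" line silently removes paths from every future check.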

Data types

Aide::Rotateperiod

The AIDE rotation period

Alias of Enum['daily', 'weekly', 'monthly', 'yearly']

Aide::SyslogFacility

The AIDE syslog facility

Alias of Enum['LOG_KERN', 'LOG_USER', 'LOG_MAIL', 'LOG_DAEMON', 'LOG_AUTH', 'LOG_SYSLOG', 'LOG_LPR', 'LOG_NEWS', 'LOG_UUCP', 'LOG_CRON', 'LOG_LOCAL0', 'LOG_LOCAL1', 'LOG_LOCAL2', 'LOG_LOCAL3', 'LOG_LOCAL4', 'LOG_LOCAL5', 'LOG_LOCAL6', 'LOG_LOCAL7']