auditd #1

Supports: trusty
Add to new model

Description

This subordinate charm installs and configures auditd.


Overview

This subordinate charm installs and configures the auditd package.

The charm can be related to the nrpe or nrpe-external-master charm for a simple check to verify data
is coming to the log.

The charm layer source.

Usage

The charm relates with any principal charm using juju-info interface.
First deploy this charm, then relate it.

juju deploy auditd
juju add-relation primary-charm auditd

A base configuration is included, additional_rules can be specified via the additional_rules
configuration option or through the audit relation interface.

Known Limitations

The audit relation needs more testing and possibly a interface layer to facilitate its use.

The auditd daemon requires special permissions and will not run in an unprivileged container.

Upstream Project


Configuration

additional_rules
(string) YAML list of additional auditd rules to add. For example: - "-w /etc/adduser.conf -p wa -k CFG_adduser" - "-w /srv/www/index.html -p wa -k CFG_www"
[]
log_file
(string) Log file
/var/log/audit/audit.log
max_log_size
(int) Max log size in MB before rotating
10
nagios_context
(string) Used by the nrpe-external-master subordinate charm. A string that will be prepended to instance name to set the host name in nagios. So for instance the hostname would be something like: juju-postgresql-0 If you're running multiple environments with the same services in them this allows you to differentiate between them.
juju
num_logs
(int) The number of rotated logs to keep
5
syslog
(boolean) If true will log to the syslog as well as to /var/log/audit/audit.log