auditd #1
Description
This subordinate charm installs and configures auditd.
- Tags:
- security ›
- monitoring ›
Overview
This subordinate charm installs and configures the auditd package.
The charm can be related to the nrpe or nrpe-external-master charm for a simple check to verify data is coming to the log.
The charm layer source.
Usage
The charm relates with any principal charm using juju-info interface. First deploy this charm, then relate it.
juju deploy auditd
juju add-relation primary-charm auditd
A base configuration is included, additional_rules can be specified via the additional_rules configuration option or through the audit relation interface.
Known Limitations
The audit relation needs more testing and possibly a interface layer to facilitate its use.
The auditd daemon requires special permissions and will not run in an unprivileged container.
Upstream Project
- Auditd - http://people.redhat.com/sgrubb/audit/
- Ubuntu package - http://packages.ubuntu.com/xenial/auditd
Configuration
- additional_rules
- (string) YAML list of additional auditd rules to add. For example: - "-w /etc/adduser.conf -p wa -k CFG_adduser" - "-w /srv/www/index.html -p wa -k CFG_www"
- []
- log_file
- (string) Log file
- /var/log/audit/audit.log
- max_log_size
- (int) Max log size in MB before rotating
- 10
- nagios_context
- (string) Used by the nrpe-external-master subordinate charm. A string that will be prepended to instance name to set the host name in nagios. So for instance the hostname would be something like: juju-postgresql-0 If you're running multiple environments with the same services in them this allows you to differentiate between them.
- juju
- num_logs
- (int) The number of rotated logs to keep
- 5
- syslog
- (boolean) If true will log to the syslog as well as to /var/log/audit/audit.log