-
Notifications
You must be signed in to change notification settings - Fork 37
/
CHANGELOG
603 lines (488 loc) · 27.2 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
* Mon Nov 25 2024 Steven Pritchard <steve@sicura-us> - 8.14.4
- Fix more use of legacy facts
* Tue Jul 16 2024 Steven Pritchard <[email protected]> - 8.14.3
- Fix comparison of space_left and admin_space_left as percentages
* Mon Jul 08 2024 Steven Pritchard <[email protected]> - 8.14.2
- Remove calls to deprecated parameters (for Puppet 8 compatibility)
* Wed Jul 03 2024 Steven Pritchard <[email protected]> - 8.14.1
- Clean up legacy fact usage for Puppet 8 compatibility
* Wed Nov 22 2023 ben <[email protected]> - 8.14.0
- (SIMP-10744) Add purge behaviour for auditd rules
* Tue Oct 24 2023 Joshua Hoblitt <[email protected]> - 8.13.0
- Add EL9 support
* Wed Oct 11 2023 Steven Pritchard <[email protected]> - 8.12.0
- [puppetsync] Updates for Puppet 8
- These updates may include the following:
- Update Gemfile
- Add support for Puppet 8
- Drop support for Puppet 6
- Update module dependencies
* Wed Aug 23 2023 Steven Pritchard <[email protected]> - 8.11.0
- Add AlmaLinux 8 support
* Thu Aug 17 2023 Mike Riddle <[email protected]> - 8.10.1
- Add RHEL 9 hieradata
* Wed Jul 12 2023 Chris Tessmer <[email protected]> - 8.10.0
- Add RockyLinux 8 support
* Tue Jun 13 2023 Mike Riddle <[email protected]> - 8.9.1
- All of the rule files will now have the same mode defined for /etc/audit/rules.d
* Tue Nov 15 2022 Joshua Hoblitt <[email protected]> - 8.9.0
- do not include auditd::config::grub on hosts without grub
- fix simp base profile to work when grub_version fact is not set
* Fri Jul 29 2022 Benedikt Fischer <[email protected]> - 8.8.0
- Make parameter backlog_wait_time optional because there are auditd versions not supporting it
* Fri Jun 24 2022 Trevor Vaughan <[email protected]> - 8.8.0
- Add support for Amazon Linux 2
* Sat Jun 11 2022 Trevor Vaughan <[email protected]> - 8.7.5
- Actually fix flapping on rotated audit log files
* Fri Jun 03 2022 Trevor Vaughan <[email protected]> - 8.7.4
- Ensure that permissions do not flap on rotated audit log files
* Fri May 27 2022 Zach Schulte <[email protected]> - 8.7.3
- Fix the permissions on `/var/log/audit`
* Fri May 13 2022 Mike Riddle <[email protected]> - 8.7.2
- Changed the auditd_sample_rulesets fact to look in both
/usr/share/audit/sample-rules and /usr/share/doc/audit*/rules for
sample rulesets.
* Thu Mar 24 2022 Mike Riddle <[email protected]> - 8.7.1
- Fixed a bug preventing overflow_action from being set properly
* Mon Jun 14 2021 Chris Tessmer <[email protected]> - 8.7.0
- Removed support for Puppet 5
- Ensured support for Puppet 7 in requirements and stdlib
* Wed May 19 2021 Trevor Vaughan <[email protected]> - 8.6.5
- Fixed
- Align EL8 STIG settings
- Changed
- Bump supported puppet version to include 7
- Always add the 'head' rules (global auditd config) settings when applying
rule sets. These do not interfere with user-defined rules and are required
for proper functionality of the system.
* Thu Apr 08 2021 Liz Nemsick <[email protected]> - 8.6.4
- Use `-F key=` in lieu of `-k` in the STIG profile, to match scanner updates.
* Sun Mar 07 2021 Trevor Vaughan <[email protected]> - 8.6.3
- Switch auditd rules to be 'always,exit' instead of 'exit,always' to match the
man pages and general scanner updates.
* Tue Feb 02 2021 Liz Nemsick <[email protected]> - 8.6.3
- Expanded simp/rsyslog dependendency range to < 9.0.0.
* Thu Jan 07 2021 Chris Tessmer <[email protected]> - 8.6.3
- Removed EL6 support
* Mon Nov 23 2020 Liz Nemsick <[email protected]> - 8.6.2-0
- Fixed a bug in which the module could not enable auditing in a system
with auditing already disabled in the kernel, when replication of the
audit logs to syslog was required.
- Manifest would fail to compile because of a nil `auditd_version` fact.
* Wed Sep 23 2020 Trevor Vaughan <[email protected]> - 8.6.1-0
- Allow auditd space_left and admin_space_left to accept percentages on
supported versions
* Wed Aug 12 2020 Trevor Vaughan <[email protected]> - 8.6.0-0
- Ensure that the auditd service is not managed if the kernel is not enforcing
auditing
- Add an acceptance test for toggling disabling auditing without modifying the
kernel parameter
* Fri Aug 07 2020 Marcel Fischer <[email protected]> - 8.5.3-0
- Add `INCREMENTAL_ASYNC` to possible values for `$::auditd::flush`
* Tue Aug 04 2020 Trevor Vaughan <[email protected]> - 8.5.2-0
- Ensure that facts are properly confined
- Utilize the new simplib__auditd fact
* Mon Jul 13 2020 Adam Yohrling <[email protected]> - 8.5.1-0
- Add `built_in` audit profile to the subsystem that provides ability
to include and manage sample rulesets to be compiled into active rules
* Wed Jun 24 2020 Trevor Vaughan <[email protected]> - 8.5.1-0
- Added a File statement for /etc/audit/audit.rules.prev to prevent unnecessary
flapping
- Ensure that the inspec tests don't run if there isn't a profile available
- Ensure that kmod is audited in all STIG modes on EL7+
* Mon Jun 15 2020 Jan Fickler <[email protected]> - 8.5.1-0
- Fix regex substitution for bad path characters
* Thu Oct 31 2019 Trevor Vaughan <[email protected]> - 8.5.0-0
- Allow users to knockout entries from arrays specified in Hiera
- Multiple rules added based on best practices mostly pulled from
/usr/share/doc/auditd:
- Audit 32 bit operations on 64 bit systems
- Audit calls to the auditd CLI commands
- Audit IPv4 and IPv6 inbound connections
- Optionally audit IPv4 and IPv6 outbound connections
- Audit suspicious applications
- Audit systemd
- Audit the auditd configuration space
- Ignore time daemon logs (clutter)
- Ignore CRYPTO_KEY_USER logs (clutter)
- Add ability to set the backlog_wait_time
- Set loginuid_immutable
* Thu Oct 24 2019 Jeanne Greulich <[email protected]> - 8.5.0-0
- Set defaults for syslog parameters if auditd version is unknown.
- Added support for auditd v3.0 which is used by RedHat 8.
- A fact that determines the major version of auditd that is running on the system
was added, auditd_major_version. This is used in hiera.yaml hierarchy to add
module data specific to the versions.
- Most of the changes in auditd v3.0 were related to how the plugins are handled but there
are a few new parameters added to auditd.conf. They were set to their
defaults according to man of auditd.conf.
- Auditd V3.0 moved the handling of plugins into auditd from audispd.
The following changes were made to accommodate that:
- To make sure the parameters used to handle plugins where defined in
one place no matter what version of auditd was used,
they were moved to init.pp and referenced from there by the audisp manifest.
For backwards compatibility, they remain in audisp.conf and are aliased in
the hiera module data.
- For backwards compatibility auditd::syslog remains defaulting to the
value of simp_options::syslog although the two are not really the same thing.
You might want to review this setting and set auditd::syslog to a setting that
is appropriate for your system.
- To enable auditd logging to syslog set the following in hiera:
auditd::syslog: true
auditd::config::audisp::syslog::enable: true.
# The drop_audit_logs is still there for backwards compatibility and
# needs to be disabled.
auditd::config::audisp::syslog::drop_audit_logs: false
- To stop auditd logging to syslog set the following in hiera:
auditd::syslog: true
auditd::config::plugins::syslog::enable: false.
Setting auditd::syslog to false will stop Puppet from managing the syslog.conf,
it will not disable auditd logging to syslog.
been removed. Disable the syslog plugin as described above.
- The settings for syslog.conf were updated and to work for new and old
versions of auditd.
- Added installation of audisp-syslog package when using auditd v3.
Mon Aug 19 2019 Robert Vincent <[email protected]> - 8.4.1-0
- Add rules to monitor /usr/share/selinux
* Fri Jul 05 2019 Steven Pritchard <[email protected]> - 8.4.0-0
- Add v2 compliance_markup data
* Tue Jun 25 2019 Trevor Vaughan <[email protected]> - 8.3.2-0
- Fix an issue where trailing newlines may not be present on custom rule
profiles, particularly with rules defined in an Array.
* Thu May 02 2019 Liz Nemsick <[email protected]> - 8.3.1-0
- Fix a breaking change inadvertantly introduced into auditd::rule
in which the auditd class was no longer included when an auditd::rule
was defined in a manifest.
* Thu Apr 25 2019 Trevor Vaughan <[email protected]> - 8.3.0-0
- Added a `custom` audit profile that accepts either an Array of rules or a
template path for ease of setting full rulesets via Hiera.
- Updated all module components for `puppet strings`
- Fixed the README
- Added a REFERENCE.md
- Refactored the filename logic in the base profiles to be simpler
- Converted the rule template to EPP
- Converted the rotated_audit_logs template to EPP
- Converted STIG audit profile template to EPP
- Converted SIMP audit profile template to EPP
* Wed Apr 10 2019 Joseph Sharkey <[email protected]> - 8.2.1-0
- Ensure that space_left is always larger than admin_space_left
- Updated tests in support of puppet6, and removed puppet4 support
- Updated puppet template scope API from 3 to newer
* Sat Apr 06 2019 Jim Anderson <[email protected]> - 8.2.1-0
- config.pp now managed /etc/audit in addition to /etc/audit/rules.d.
The permissions and ownership of the two directories should be the
same. Both directories use purge and recurse.
* Tue Mar 19 2019 Liz Nemsick <[email protected]> - 8.2.1-0
- Use Puppet Integer in lieu of simplib's deprecated Puppet 3 to_integer
- Expanded the upper limit of the stdlib Puppet module version
- Updated a URL in the README.md
* Tue Jan 15 2019 Trevor Vaughan <[email protected]> - 8.2.0-0
- Allow users to optimize their audit processing by only collecting on specific
SELinux types
* Fri Jan 11 2019 Adam Yohrling <[email protected]> - 8.2.0-0
- Add restorecon audit for STIG profile
* Fri Nov 16 2018 Trevor Vaughan <[email protected]> - 8.2.0-0
- Update to remove potentially redundant test code and use the updated
simp-beaker-helpers
* Thu Nov 15 2018 Mark Leary <[email protected]> - 8.1.1-0
- Revert back to using the native service provider for the auditd service since
puppet fixed the service handling.
* Wed Oct 31 2018 Trevor Vaughan <[email protected]> - 8.1.0-0
- Allow users to opt-out of hooking the audit dispatchers into the SIMP rsyslog
module using `auditd::config::audisp::syslog::rsyslog = false` or,
alternatively, setting `simp_options::syslog = false`.
- Add a `write_logs` opttion to the `auditd_class` and multiplex between the
`log_format = NOLOG` setting and `write_logs = false` since there were
breaking changes in these settings after `auditd` version `2.6.0`.
- Add support for `log_format = ENHANCED` for `auditd` version >= `2.6.0`.
Older versions will simply fall back to `RAW`.
* Tue Oct 16 2018 Nick Markowski <[email protected]> - 8.1.0-0
- Removed unnecessary dependencies from metadata.json. Now, when users install
auditd stand-alone i.e. `puppet module install`, they will not have
extraneous modules clutter their environment.
- herculesteam/augeasproviders_grub
- simp/rsyslog
* Fri Oct 12 2018 Nick Miller <[email protected]> - 8.1.0-0
- Changed the $package_ensure parameter from 'latest' to 'installed'
- It will also respect `simp_options::package_ensure`
* Fri Sep 07 2018 Liz Nemsick <[email protected]> - 8.1.0-0
- Update Hiera 4 to Hiera 5
* Fri Jul 27 2018 Brandon Ess <[email protected]> - 8.1.0-0
- Align group ownership of the auditd log directories with the setting for
auditd itself so that the designated group can access the log files.
* Fri Jul 13 2018 Trevor Vaughan <[email protected]> - 8.1.0-0
- Updated to work with Puppet 5 and OEL
* Fri Jul 06 2018 Trey Dockendorf <[email protected]> - 8.0.1-0
- Allow lowercase values for several parameters in accordance with the man
pages and SCAP expectations.
* Thu Jun 21 2018 Liz Nemsick <[email protected]> - 8.0.0-0
- Added ability to select one or more audit profiles. When multiple
profiles are selected, their rules are effectively concatenated in
the order in which the profiles are listed in
auditd::default_audit_profiles.
- The following API Changes were made in support of multiple audit
profiles:
- $::auditd::$default_audit_profile has been deprecated by
$::auditd::$default_audit_profiles
- auditd::config and auditd::config::audit_profiles::simp classes are
now private. In the unlikely event that you included just these
classes in your manifest, you must now include auditd instead.
- The following auditctl global configuration options that were in
auditd::config::audit_profiles::simp are now in the auditd class,
instead: $ignore_errors, $ignore_anonymous, $ignore_system_services,
and $ignore_crond. They were moved because they are now applied to
the set of audit profiles selected, not just the 'simp' audit
profile.
- The following auditd::config::audit_profiles::simp class parameters
have been deprecated for clarity:
- $audit_sudoers has been deprecated by $audit_cfg_sudoers
- $audit_sudoers_tag has been deprecated by $audit_cfg_sudoers
- $audit_grub has been deprecated by $audit_cfg_grub
- $audit_grub_tag has been deprecated by $audit_cfg_grub_tag
- $audit_yum has been deprecated by $audit_cfg_yum
- $audit_yum_tag has been deprecated by $audit_cfg_yum_tag
- Some previously hard-coded, internal configuration is now exposed
as data-in-modules.
- Added 'stig' audit profile which manages rules that match DISA STIG
checks, exactly.
- For executables explicitly listed in the RHEL7 STIG, includes watchs
for binaries in the real paths (/usr/bin, /usr/sbin) and linked paths
(/bin, /sbin). This is to address inconsistencies among the STIG and
the Inspec and OSCAP scans. (All should use the real paths, but don't.)
- Fixed bugs in 'simp' audit profile
- Fixed umask syscall rules. These rules require arch filters.
- Fixed clock_settime syscall rules. Per the sample STIG audit rules
packaged in the auditd RPM, these rules require an 'a0' filter.
- Fixed bug in which /var/log/tallylog was grouped with session
instead of logins.
- Fixed bug in which the /etc/pam.d watch rule had the wrong tag
- Updated 'simp' audit profile settings for DISA STIG.
- Expanded the list of successful syscall operations audited.
- Expanded the list of module syscall operations audited
- Added an option to monitor selinux commands, (i.e., chcon,
semanage, setfiles, setsebool)
- Added an option to audit the execution of password commands
('passwd', 'unix_chkpwd', 'gpasswd', 'chage', 'userhelper')
- Added an option to audit the execution of privilege-related
commands ('su', 'sudo', 'newgrp', 'chsh', 'sudoedit')
- Added an option to audit the execution of postfix-related commands
('postdrop', 'postqueue')
- Added an option to audit the execution of the 'ssh-keysign' command
- Added an option to audit the execution of the 'crontab' command
- Added an option to audit the execution of the 'pam_timestamp_check'
command
- Added an option to audit the execution of rename/remove operations
for non-service users (rename', 'renameat', rmdir', 'unlink', and
'unlinkat')
- Added watch rules for /etc/hostname and /etc/NetworkManager (for
centos7) pulled from the sample STIG audit rules packaged in the
auditd RPM.
- For executables explicitly listed in the RHEL7 STIG, includes watchs
for binaries in the real paths (/usr/bin, /usr/sbin) and linked paths
(/bin, /sbin). This is to address inconsistencies among the STIG and
the Inspec and OSCAP scans. (All should use the real paths, but don't.)
* Mon Mar 26 2018 Liz Nemsick <[email protected]> - 7.1.3-0
- Work around RPM upgrade issue with nodeset link in compliance
acceptance test suite.
* Tue Jan 09 2018 Nick Markowski <[email protected]> - 7.1.3-0
- Updated compliance suite to use new inspec profile,
https://github.com/simp/inspec-profile-disa_stig-el7
- Removed the el6 nodeset from the compliance suite; there are no
simp-supported el6 inspec profiles at this time.
- Ensured git installed as it's a dependency of our inspec profiles
* Mon Nov 13 2017 Nick Miller <[email protected]> - 7.1.2-0
- /var/run/faillock should be tagged under 'login'
* Thu Aug 31 2017 Trevor Vaughan <[email protected]> - 7.1.1-0
- Adjust audit.rules mode per inspec testing
* Mon Aug 21 2017 Trevor Vaughan <[email protected]> - 7.1.0-0
- Updated to use augeasproviders_grub 3
- Added the ability to log calls to the 'rpm' and 'yum' commands
* Mon May 22 2017 Liz Nemsick <[email protected]> - 7.0.2-0
- Fix bug whereby audit.rules file was not being regenerated prior
to auditd service start in CentOS/RedHat 6.
- Update puppet version in metadata.json
* Mon Mar 27 2017 Nicholas Hughes <[email protected]> - 7.0.1-0
- Audit kernel module tools from /usr/bin as well as /bin and /sbin
- Correct auditing /var/log/tallylock, it should have been /var/log/tallylog
* Thu Feb 22 2017 Trevor Vaughan <[email protected]> - 7.0.1-0
- Changed auditd::failure_mode to '1' by default since the compliant audit
rules were causing routine system restarts. The new value will default to
sending printk messages when the buffer is full.
- Changed all rules that were exit,always to be always,exit
* Tue Jan 12 2017 Trevor Vaughan <[email protected]> - 7.0.0-0
- In response to the DISA STIG Requirements
- Added 'open_by_handle_at' to the 'access' key
- Added watches on /varlog/faillock and /var/log/tallylock
- Added watches on /usr/sbin/insmod and /bin/kmod
- Added permissions modification notification for 'chmod'
- Renamed auditd::add_rules to auditd::rule
- Split the audit permissions rules into separate lines
- Disabled chmod auditing by default
* Mon Dec 26 2016 Ralph Wright <[email protected]> - 7.0.0-0
* Mon Dec 26 2016 Trevor Vaughan <[email protected]> - 7.0.0-0
- Refactor to work in Puppet 4 Changes
- Updated acceptance tests
* Mon Dec 12 2016 Liz Nemsick <[email protected]> - 7.0.0-0
- Update version to reflect SIMP6 dependencies
* Fri Dec 09 2016 Nick Markowski <[email protected]> - 7.0.0-0
- Updated global catalysts
- Changed default log facility to local5.
- Added a drop rule for crond events
* Tue Nov 22 2016 Chris Tessmer <[email protected]> - 5.1.2-0
- Minor cleanup
* Mon Sep 26 2016 Jeanne Greulich, Liz Nemsick - 5.1.0-0
- Allow user to specify syslog facility and priority for audit record
messages.
- Allow user to enable/disable audit record syslog messaging independent
of the presence of forwarding logging servers.
- Added a file resource to detect and fix incorrect permissions on the
/var/log/audit/audit.log file.
* Mon Aug 29 2016 Ralph Wright <[email protected]> - 5.0.4-0
- Added booleans to toggle sections of audit rules.
* Tue Jul 26 2016 Lucas Yamanishi <[email protected]> - 5.0.3-0
- Fix for strict_variables failure
* Wed Jul 06 2016 Nick Markowski <[email protected]> - 5.0.2-0
- Added a default audit rule for 'renameat', per CCE-26651-0.
- Added an auditd_version fact.
- Updated validation for *_action lists to differentiate between
auditd versions.
- Updated module to use new rake helper to auto-gen .spec file.
* Thu May 19 2016 nicholasmhughes <[email protected]> - 5.0.1-0
- Change `btmp` and `wtmp` locations to `/var/log`
- Support dynamic audit log locations
* Thu Feb 18 2016 Ralph Wright <[email protected]> - 5.0.0-4
- Added compliance function support
* Thu Dec 24 2015 Trevor Vaughan <[email protected]> - 5.0.0-3
- Ensure that the ::auditd::add_rules define does not run if
$::auditd::enable_auditing is false.
* Thu Nov 19 2015 Chris Tessmer <[email protected]> - 5.0.0-2
- Full migration to `simplib`, removed `common` and `functions`.
* Mon Nov 09 2015 Chris Tessmer <[email protected]> - 5.0.0-1
- migration to simplib and simpcat (lib/ only)
* Tue Oct 20 2015 Trevor Vaughan <[email protected]> - 5.0.0-0
- Module refactor to the new SIMP standard
- Fixes for the audit dispatcher and syslog connections
* Mon Sep 07 2015 Chris Tessmer <[email protected]> - 4.1.0-13
- Updated facts from $::lsbmajdistrelease to $::operatingsystemmajrelease.
* Tue Jul 21 2015 Kendall Moore <[email protected]> - 4.1.0-12
- Updated to use the new rsyslog module.
* Thu Feb 19 2015 Trevor Vaughan <[email protected]> - 4.1.0-11
- Migrated to the new 'simp' environment.
* Fri Jan 16 2015 Trevor Vaughan <[email protected]> - 4.1.0-10
- Changed puppet-server requirement to puppet
* Wed Nov 19 2014 Trevor Vaughan <[email protected]> - 4.1.0-9
- Updated auditd::to_syslog to support multiple log servers and
support for native TLS.
* Sat Sep 06 2014 Trevor Vaughan <[email protected]> - 4.1.0-8
- Fixed a missing rule for RHEL<7 that did not properly drop all of
the useless audit data.
* Sat Aug 23 2014 Trevor Vaughan <[email protected]> - 4.1.0-7
- Updated to use the new reboot_notify native type.
* Sun Jul 13 2014 Trevor Vaughan <[email protected]> - 4.1.0-6
- Updated to support both grub and grub2
- Fixed a bug in the audit ruleset where the initial drop rule was set to drop
everything that was *not* anonymous.
- Added support for /etc/audit/rules.d for RHEL7 systems.
* Sun Jun 22 2014 Kendall Moore <[email protected]> - 4.1.0-5
- Removed MD5 file checksums for FIPS compliance.
* Fri Jun 20 2014 Trevor Vaughan <[email protected]> - 4.1.0-5
- Pointed concat fragment auditd+head at the correct template!
- Updated to support RHEL7
* Wed May 21 2014 Kendall Moore <[email protected]> - 4.1.0-4
- Added the ability to put rules before the default rule body in audit.rules.
- Added validation to add_rules.pp.
* Fri Mar 28 2014 Trevor Vaughan <[email protected]> - 4.1.0-3
- The template for auditing the rotated audit logs had a one-off error
preventing the audit of the last rotated log.
- Spec tests were added.
* Fri Mar 14 2014 Kendall Moore <[email protected]> - 4.1.0-2
- Added class for auditing grub.
* Thu Feb 13 2014 Kendall Moore <[email protected]> - 4.1.0-1
- Converted all string booleans to native booleans.
* Mon Nov 04 2013 Trevor Vaughan <[email protected]> - 4.1.0-0
- Added support for audispd based on patches provided by Raymond Page
- Removed the old rsyslog file tap on audit.log.
- Folded the auditd::conf define into the auditd main class since
parameterized classes eliminate the need for the define.
* Breaking Change
* Mon Oct 28 2013 Trevor Vaughan <[email protected]> - 4.0.0-11
- Updated the audit base rules to compress and reorder many of the rules to
allow for greater processing efficiency.
- Added checks for kernel module manipulation in accordance with
CCE-26610-6.
- Mapped all audit rules to their associated SSG rules in the file
template.
* Thu Oct 03 2013 Nick Markowski <[email protected]> - 4.0.0-11
- Updated templates to reference instance variables with @
* Wed Jul 17 2013 Trevor Vaughan <[email protected]> - 4.0.0-10
- Removed the sgid binary check in the audit rules because it doesn't
actually make any sense.
* Thu Jun 27 2013 Trevor Vaughan <[email protected]> - 4.0.0-9
- Added audit rules to catch the execution of sgid and suid binaries.
- Added the ability to rate limit the auditd messages. If you use this, you
probably want to change the failure mode to 1.
- Added the ability to ignore failures in the audit configuration and continue
and set it to true by default. Since the rules are automatically managed, the
likelihood of one being wrong is fairly high. Also, rules will fail if a file
doesn't exist which isn't all that helpful.
- Removed the watch on /proc/kcore since it wasn't really helpful and was
throwing SELinux AVC's on startup.
- Added default auditing to /etc/yum.conf and /etc/yum.repos.d
* Tue Apr 09 2013 Trevor Vaughan <[email protected]> - 4.0.0-8
- Skip any rule that does not load properly so that we have as much of the
configuration active as possible.
* Thu Dec 13 2012 Trevor Vaughan <[email protected]> - 4.0.0-7
- Updated to require pupmod-common >= 2.1.1-2 so that upgrading an old
system works properly.
* Fri Nov 30 2012 Trevor Vaughan <[email protected]> - 4.0.0-6
- Added a cucumber test to ensure that the auditd daemon starts when including
audit in the puppet server manifest.
* Tue Sep 18 2012 Trevor Vaughan <[email protected]> - 4.0.0-5
- Updated all references of /etc/modprobe.conf to /etc/modprobe.d/00_simp_blacklist.conf
as modprobe.conf is now deprecated.
* Thu Jun 07 2012 Trevor Vaughan <[email protected]> - 4.0.0-4
- Ensure that Arrays in templates are flattened.
- Call facts as instance variables.
- Moved mit-tests to /usr/share/simp...
- Moved rsyslog module inclusion from init.pp to to_syslog.pp where it is used.
- Updated pp files to better meet Puppet's recommended style guide.
* Fri Mar 02 2012 Trevor Vaughan <[email protected]> - 4.0.0-3
- Improved test stubs.
* Mon Jan 30 2012 Trevor Vaughan <[email protected]> - 4.0.0-2
- Removed all references to 'entry' rules since they are deprecated.
- Removed the watch rule for /etc/firmware since it was removed in RHEL6 and
pretty much useless anyway.
- Added test stubs
* Mon Dec 26 2011 Trevor Vaughan <[email protected]> - 4.0.0-1
- Scoped all of the top level variables.
* Fri Oct 28 2011 Trevor Vaughan <[email protected]> - 4.0.0-0
- Removed the base audit of /etc/ldap.conf since it was redundant.
* Mon Oct 10 2011 Trevor Vaughan <[email protected]> - 2.0.0-3
- Updated to put quotes around everything that need it in a comparison
statement so that puppet > 2.5 doesn't explode with an undef error.
* Thu Mar 17 2011 Trevor Vaughan <[email protected]> - 2.0.0-2
- Modified several audit rules to be a bit more complete and to conform to some
of the Red Hat syntax standards.
* Fri Feb 11 2011 Trevor Vaughan <[email protected]> - 2.0.0-1
- Updated to use concat_build and concat_fragment types.
* Tue Jan 11 2011 Trevor Vaughan <[email protected]> - 2.0.0-0
- Refactored for SIMP-2.0.0-alpha release
* Tue Oct 26 2010 Trevor Vaughan <[email protected]> - 1-2
- Converting all spec files to check for directories prior to copy.
* Wed Jul 28 2010 Trevor Vaughan <[email protected]> - 1.0-1
- More code refactoring
- Made log_file configurable in to_syslog define.
* Wed May 19 2010 Trevor Vaughan <[email protected]> - 1.0-0
- Code + doc refactor
* Wed May 12 2010 Trevor Vaughan <[email protected]> - 0.1-12
- Added the option $root_audit_level to auditd::conf
- The allowed strings are basic(default), aggressive, insane
- Basic(default): Safe, should not follow program execution outside of the base app
- Aggressive: Adds execve
- Insane: Adds fork, vfork, write, chown, creat, link, mkdir, rmdir
* Fri Feb 19 2010 Trevor Vaughan <[email protected]> - 0.1-11
- Removed watch on /etc. That was a very bad rule.
* Tue Dec 15 2009 Trevor Vaughan <[email protected]> - 0.1-10
- Audit rules now properly handle 64 and 32 bit architectures (for now).
Previously, the 64 bit calls were not handled properly.