Release of 8.5.0

@simp-auto simp-auto released this 23 Jan 19:56
8.5.0
* Thu Oct 31 2019 Trevor Vaughan <[email protected]> - 8.5.0-0
  - Allow users to knockout entries from arrays specified in Hiera
  - Multiple rules added based on best practices mostly pulled from
    /usr/share/doc/auditd:
    - Audit 32 bit operations on 64 bit systems
    - Audit calls to the auditd CLI commands
    - Audit IPv4 and IPv6 inbound connections
    - Optionally audit IPv4 and IPv6 outbound connections
    - Audit suspicious applications
    - Audit systemd
    - Audit the auditd configuration space
    - Ignore time daemon logs (clutter)
    - Ignore CRYPTO_KEY_USER logs (clutter)
    - Add ability to set the backlog_wait_time
    - Set loginuid_immutable

* Thu Oct 24 2019 Jeanne Greulich <[email protected]> - 8.5.0-0
  - Set defaults for syslog parameters if auditd version is unknown.
  - Added support for auditd v3.0 which is used by RedHat 8.
  - A fact that determines the major version of auditd that is running
    on the system was added, auditd_major_version.  This is used in the
    hiera.yaml hierarchy to add module data specific to the versions.
  - Most of the changes in auditd v3.0 were related to how the plugins
    are handled but there are a few new parameters added to auditd.conf.
    They were set to their defaults according to the auditd.conf man page.
  - Auditd V3.0 moved the handling of plugins into auditd from audispd.
    The following changes were made to accommodate that:
    - To make sure the parameters used to handle plugins were defined
      in one place no matter what version of auditd was used, they were
      moved to init.pp and referenced from there by the audisp manifest.
      For backwards compatibility, they remain in audisp.conf and are
      aliased in the hiera module data.
    - For backwards compatibility auditd::syslog remains defaulting to
      the value of simp_options::syslog although the two are not really
      the same thing.  You might want to review this setting and set
      auditd::syslog to a setting that is appropriate for your system.
      - To enable auditd logging to syslog set the following in hiera:
          auditd::syslog: true
          auditd::config::audisp::syslog::enable: true
          # The drop_audit_logs is still there for backwards
          # compatibility and needs to be disabled.
          auditd::config::audisp::syslog::drop_audit_logs: false
      - To stop auditd logging to syslog set the following in hiera:
          auditd::syslog: true
          auditd::config::plugins::syslog::enable: false
      Setting auditd::syslog to false will stop Puppet from managing the
      syslog.conf; it will not disable auditd logging to syslog.
      Disable the syslog plugin as described above.
    - The settings for syslog.conf were updated to work for new and
      old versions of auditd.
    - Added installation of audisp-syslog package when using auditd v3.

* Mon Aug 19 2019 Robert Vincent <[email protected]> - 8.5.0-0
  - Add rules to monitor /usr/share/selinux