This subordinate charm installs and configures auditd.

Overview

This subordinate charm installs and configures the auditd package.

The charm can be related to the nrpe or nrpe-external-master charm for a simple check to verify data
is coming to the log.

The charm layer source.

Usage

The charm relates with any principal charm using juju-info interface.
First deploy this charm, then relate it.

juju deploy auditd
juju add-relation primary-charm auditd

A base configuration is included, additional_rules can be specified via the additional_rules
configuration option or through the audit relation interface.

Known Limitations

The audit relation needs more testing and possibly a interface layer to facilitate its use.

The auditd daemon requires special permissions and will not run in an unprivileged container.

Upstream Project

Configuration

max_log_size
(int)
                            Max log size in MB before rotating
                        
10
nagios_context
(string)
                            Used by the nrpe-external-master subordinate charm.
A string that will be prepended to instance name to set the host name
in nagios. So for instance the hostname would be something like:
    juju-postgresql-0
If you're running multiple environments with the same services in them
this allows you to differentiate between them.

                        
juju
syslog
(boolean)
                            If true will log to the syslog as well as to /var/log/audit/audit.log
                        
num_logs
(int)
                            The number of rotated logs to keep
                        
5
additional_rules
(string)
                            YAML list of additional auditd rules to add. For example:
  - "-w /etc/adduser.conf -p wa -k CFG_adduser"
  - "-w /srv/www/index.html -p wa -k CFG_www"

                        
[]
log_file
(string)
                            Log file
                        
/var/log/audit/audit.log