auditd #1

Description

This subordinate charm installs and configures auditd.

Overview

This subordinate charm installs and configures the auditd package.

The charm can be related to the nrpe or nrpe-external-master charm for a simple check to verify data
is coming to the log.

The charm layer source.

Usage

The charm relates with any principal charm using juju-info interface.
First deploy this charm, then relate it.

juju deploy auditd
juju add-relation primary-charm auditd

A base configuration is included, additional_rules can be specified via the additional_rules
configuration option or through the audit relation interface.

Known Limitations

The audit relation needs more testing and possibly a interface layer to facilitate its use.

The auditd daemon requires special permissions and will not run in an unprivileged container.

Upstream Project

Configuration

max_log_size
(int) Max log size in MB before rotating
10
nagios_context
(string) Used by the nrpe-external-master subordinate charm. A string that will be prepended to instance name to set the host name in nagios. So for instance the hostname would be something like: juju-postgresql-0 If you're running multiple environments with the same services in them this allows you to differentiate between them.
juju
syslog
(boolean) If true will log to the syslog as well as to /var/log/audit/audit.log
num_logs
(int) The number of rotated logs to keep
5
additional_rules
(string) YAML list of additional auditd rules to add. For example: - "-w /etc/adduser.conf -p wa -k CFG_adduser" - "-w /srv/www/index.html -p wa -k CFG_www"
[]
log_file
(string) Log file
/var/log/audit/audit.log