chef-cookbooks · ressl · Oct 16, 2018 · Oct 16, 2018 · Oct 16, 2018 · Oct 16, 2018
diff --git a/README.md b/README.md
@@ -31,6 +31,7 @@ The OS package provides the client side tools for working with the linux kernel
 
 - node['auditd']['ruleset'] - ruleset to use, either "default" (the default if unset) or one of the provided examples
 - node['auditd']['backlog'] - backlog size, default is 320 should be larger for busy systems
+- node['auditd']['syslog'] - true, false - enable or disable forwarding messages to syslog
 
 # Usage
 
@@ -67,4 +68,4 @@ Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
-limitations under the License.
+limitations under the License.
diff --git a/attributes/default.rb b/attributes/default.rb
@@ -18,3 +18,4 @@
 
 default['auditd']['ruleset'] = 'default.rules'
 default['auditd']['backlog'] = 320
+default['auditd']['syslog'] = false
diff --git a/recipes/conf.rb b/recipes/conf.rb
@@ -9,3 +9,14 @@
 when 'cis'
   auditd_conf_file 'cis.auditd'
 end
+
+template '/etc/audisp/plugins.d/syslog.conf' do
+  source 'audisp_syslog.conf.erb'
+  owner 'root'
+  group 'root'
+  mode '0640'
+  variables(
+    active: node['auditd']['syslog']
+  )
+  notifies :reload, 'service[auditd]', :delayed
+end
diff --git a/templates/audisp_syslog.conf.erb b/templates/audisp_syslog.conf.erb
@@ -0,0 +1,6 @@
+active = <%= @active ? 'yes' : 'no' %>
+direction = out
+path = builtin_syslog
+type = builtin
+args = LOG_INFO
+format = string