chef-cookbooks · ressl · Oct 16, 2018 · Oct 16, 2018 · Oct 16, 2018 · Oct 16, 2018
diff --git a/README.md b/README.md
@@ -31,6 +31,7 @@ The OS package provides the client side tools for working with the linux kernel
 
 - node['auditd']['ruleset'] - ruleset to use, either "default" (the default if unset) or one of the provided examples
 - node['auditd']['backlog'] - backlog size, default is 320 should be larger for busy systems
+- node['auditd']['syslog'] - true, false - enable or disable forwarding messeges to syslog
 
 # Usage
 
@@ -67,4 +68,4 @@ Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
-limitations under the License.
+limitations under the License.
diff --git a/attributes/default.rb b/attributes/default.rb
@@ -18,3 +18,4 @@
 
 default['auditd']['ruleset'] = 'default.rules'
 default['auditd']['backlog'] = 320
+default['auditd']['syslog'] = false
diff --git a/libraries/auditd_helper.rb b/libraries/auditd_helper.rb
@@ -41,6 +41,5 @@ def auditd_conffile(conf_file = 'audit.conf')
         '/etc/audit/auditd.conf'
       end
     end
-
   end
 end
diff --git a/recipes/conf.rb b/recipes/conf.rb
@@ -9,3 +9,14 @@
 when 'cis'
   auditd_conf_file 'cis.auditd'
 end
+
+template '/etc/audisp/plugins.d/syslog.conf' do
+  source 'audisp_syslog.conf.erb'
+  owner 'root'
+  group 'root'
+  mode '0640'
+  variables(
+    active: node['auditd']['syslog']
+  )
+  notifies :reload, 'service[auditd]', :delayed
+end
diff --git a/templates/audisp_syslog.conf.erb b/templates/audisp_syslog.conf.erb
@@ -0,0 +1,6 @@
+active = <%= @active ? 'yes' : 'no' %>
+direction = out
+path = builtin_syslog
+type = builtin
+args = LOG_INFO
+format = string
diff --git a/test/integration/cis/run_spec.rb b/test/integration/cis/run_spec.rb
@@ -1,7 +1,6 @@
 # Encoding: UTF-8
 # AuditD CIS - Smoke Test
 
-
 # Service
 describe service('auditd') do
   it { should be_installed }
@@ -12,7 +11,7 @@
 # => Audit Rules should have some Content
 describe file('/etc/audit/audit.rules') do
   it { should be_file }
-  its('content') { should match(%r{-a always,exit -F arch=b32 -S init_module -S delete_module -k modules}) }
+  its('content') { should match(/-a always,exit -F arch=b32 -S init_module -S delete_module -k modules/) }
 end
 
 # => Audit Rules should have some Content
@@ -31,5 +30,5 @@
   it { should be_owned_by 'root' }
   it { should be_grouped_into 'root' }
   its('mode') { should cmp '0640' }
-  its('content') { should match(%r{\# This file is managed using Chef.}) }
+  its('content') { should match(/\# This file is managed using Chef./) }
 end
Original file line number	Diff line number	Diff line change
Expand Up		@@ -18,3 +18,4 @@

		default['auditd']['ruleset'] = 'default.rules'
		default['auditd']['backlog'] = 320
		default['auditd']['syslog'] = false
-Original file line number
+Diff line change
@@ Expand Up / @@ -41,6 +41,5 @@ def auditd_conffile(conf_file = 'audit.conf') @@
             '/etc/audit/auditd.conf'
           end
         end
       end
     end