diff --git a/CHANGELOG b/CHANGELOG index 30537a18..64eb6bee 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +* Wed Jul 03 2024 Steven Pritchard - 8.14.1 +- Clean up legacy fact usage for Puppet 8 compatibility + * Wed Nov 22 2023 ben - 8.14.0 - (SIMP-10744) Add purge behaviour for auditd rules diff --git a/metadata.json b/metadata.json index 27d7affc..2da9e658 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "simp-auditd", - "version": "8.14.0", + "version": "8.14.1", "author": "SIMP Team", "summary": "A SIMP puppet module for managing auditd and audispd", "license": "Apache-2.0", diff --git a/spec/acceptance/suites/default/00_base_spec.rb b/spec/acceptance/suites/default/00_base_spec.rb index b751e483..80e43a2b 100644 --- a/spec/acceptance/suites/default/00_base_spec.rb +++ b/spec/acceptance/suites/default/00_base_spec.rb @@ -9,8 +9,8 @@ { 'simp_options::syslog' => true, 'pki::cacerts_sources' => ['file:///etc/pki/simp-testing/pki/cacerts'] , - 'pki::private_key_source' => "file:///etc/pki/simp-testing/pki/private/%{fqdn}.pem", - 'pki::public_key_source' => "file:///etc/pki/simp-testing/pki/public/%{fqdn}.pub", + 'pki::private_key_source' => "file:///etc/pki/simp-testing/pki/private/%{facts.networking.fqdn}.pem", + 'pki::public_key_source' => "file:///etc/pki/simp-testing/pki/public/%{facts.networking.fqdn}.pub", 'rsyslog::config::main_msg_queue_size' => 4321, } } diff --git a/spec/acceptance/suites/default/10_alt_audit_profiles_spec.rb b/spec/acceptance/suites/default/10_alt_audit_profiles_spec.rb index 8a532233..52d11603 100644 --- a/spec/acceptance/suites/default/10_alt_audit_profiles_spec.rb +++ b/spec/acceptance/suites/default/10_alt_audit_profiles_spec.rb 
@@ -12,8 +12,8 @@ let(:hieradata) { { 'pki::cacerts_sources' => ['file:///etc/pki/simp-testing/pki/cacerts'] , - 'pki::private_key_source' => "file:///etc/pki/simp-testing/pki/private/%{fqdn}.pem", - 'pki::public_key_source' => "file:///etc/pki/simp-testing/pki/public/%{fqdn}.pub", + 'pki::private_key_source' => "file:///etc/pki/simp-testing/pki/private/%{facts.networking.fqdn}.pem", + 'pki::public_key_source' => "file:///etc/pki/simp-testing/pki/public/%{facts.networking.fqdn}.pub", } } diff --git a/spec/acceptance/suites/default/20_built_in_audit_profile_spec.rb b/spec/acceptance/suites/default/20_built_in_audit_profile_spec.rb index 91783d2d..afa18288 100644 --- a/spec/acceptance/suites/default/20_built_in_audit_profile_spec.rb +++ b/spec/acceptance/suites/default/20_built_in_audit_profile_spec.rb @@ -12,8 +12,8 @@ let(:hieradata) { { 'pki::cacerts_sources' => ['file:///etc/pki/simp-testing/pki/cacerts'] , - 'pki::private_key_source' => "file:///etc/pki/simp-testing/pki/private/%{fqdn}.pem", - 'pki::public_key_source' => "file:///etc/pki/simp-testing/pki/public/%{fqdn}.pub", + 'pki::private_key_source' => "file:///etc/pki/simp-testing/pki/private/%{facts.networking.fqdn}.pem", + 'pki::public_key_source' => "file:///etc/pki/simp-testing/pki/public/%{facts.networking.fqdn}.pub", } } diff --git a/spec/acceptance/suites/default/90_disable_audit_spec.rb b/spec/acceptance/suites/default/90_disable_audit_spec.rb index 36e94e80..1fe231aa 100644 --- a/spec/acceptance/suites/default/90_disable_audit_spec.rb +++ b/spec/acceptance/suites/default/90_disable_audit_spec.rb 
@@ -9,8 +9,8 @@ --- pki::cacerts_sources: - 'file:///etc/pki/simp-testing/pki/cacerts' - pki::private_key_source: 'file:///etc/pki/simp-testing/pki/private/%{fqdn}.pem' - pki::public_key_source: 'file:///etc/pki/simp-testing/pki/public/%{fqdn}.pub' + pki::private_key_source: 'file:///etc/pki/simp-testing/pki/private/%{facts.networking.fqdn}.pem' + pki::public_key_source: 'file:///etc/pki/simp-testing/pki/public/%{facts.networking.fqdn}.pub' HIERA } @@ -19,8 +19,8 @@ --- pki::cacerts_sources: - 'file:///etc/pki/simp-testing/pki/cacerts' - pki::private_key_source: 'file:///etc/pki/simp-testing/pki/private/%{fqdn}.pem' - pki::public_key_source: 'file:///etc/pki/simp-testing/pki/public/%{fqdn}.pub' + pki::private_key_source: 'file:///etc/pki/simp-testing/pki/private/%{facts.networking.fqdn}.pem' + pki::public_key_source: 'file:///etc/pki/simp-testing/pki/public/%{facts.networking.fqdn}.pub' auditd::enable: false HIERA } diff --git a/spec/acceptance/suites/default/99_disable_audit_kernel_spec.rb b/spec/acceptance/suites/default/99_disable_audit_kernel_spec.rb index b9918825..fcc70501 100644 --- a/spec/acceptance/suites/default/99_disable_audit_kernel_spec.rb +++ b/spec/acceptance/suites/default/99_disable_audit_kernel_spec.rb 
@@ -10,16 +10,16 @@ let(:enable_hieradata) { { 'pki::cacerts_sources' => ['file:///etc/pki/simp-testing/pki/cacerts'] , - 'pki::private_key_source' => "file:///etc/pki/simp-testing/pki/private/%{fqdn}.pem", - 'pki::public_key_source' => "file:///etc/pki/simp-testing/pki/public/%{fqdn}.pub", + 'pki::private_key_source' => "file:///etc/pki/simp-testing/pki/private/%{facts.networking.fqdn}.pem", + 'pki::public_key_source' => "file:///etc/pki/simp-testing/pki/public/%{facts.networking.fqdn}.pub", } } let(:disable_hieradata) { { 'pki::cacerts_sources' => ['file:///etc/pki/simp-testing/pki/cacerts'] , - 'pki::private_key_source' => "file:///etc/pki/simp-testing/pki/private/%{fqdn}.pem", - 'pki::public_key_source' => "file:///etc/pki/simp-testing/pki/public/%{fqdn}.pub", + 'pki::private_key_source' => "file:///etc/pki/simp-testing/pki/private/%{facts.networking.fqdn}.pem", + 'pki::public_key_source' => "file:///etc/pki/simp-testing/pki/public/%{facts.networking.fqdn}.pub", 'auditd::at_boot' => false } } diff --git a/spec/classes/config/grub_spec.rb b/spec/classes/config/grub_spec.rb index f7844096..36b10951 100644 --- a/spec/classes/config/grub_spec.rb +++ b/spec/classes/config/grub_spec.rb @@ -5,7 +5,7 @@ on_supported_os.each do |os, facts| context "on #{os}" do let(:facts) do - if ['RedHat','CentOS'].include?(facts[:operatingsystem]) && facts[:operatingsystemmajrelease].to_s < '7' + if ['RedHat','CentOS'].include?(facts[:os][:name]) && facts[:os][:release][:major].to_s < '7' facts[:apache_version] = '2.2' facts[:grub_version] = '0.9' else diff --git a/templates/rule_profiles/common/default_drop.epp b/templates/rule_profiles/common/default_drop.epp index b665b77a..5e0d953b 100644 --- a/templates/rule_profiles/common/default_drop.epp +++ b/templates/rule_profiles/common/default_drop.epp 
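Review bot: The rewritten condition in `spec/classes/config/grub_spec.rb` still compares the major release as a string, `facts[:os][:release][:major].to_s < '7'`, and Ruby orders strings lexically, so a two-digit major such as '10' sorts below '7' and would take the `grub_version = '0.9'` branch. An integer comparison avoids that: `facts.dig(:os, :release, :major).to_i < 7`. The new lookup also assumes the nested fact keys are symbols. If the fact set behind `on_supported_os` keeps string keys below `:os`, `facts[:os][:name]` is nil and the legacy branch is never exercised, so that is worth confirming against the fact data. The `let(:facts)` block continues outside the hunk.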
@@ -17,7 +17,7 @@ <% } -%> <% if $::auditd::ignore_time_daemons { -%> # Time daemons can be quite noisy -<% if $facts['hardwaremodel'] == 'x86_64' { -%> +<% if $facts['os']['hardware'] == 'x86_64' { -%> <% if ($facts['os']['release']['major'] > '6') or (($facts['os']['name'] == 'Amazon') and ($facts['os']['release']['major'] < '3')) { -%> -a never,exit -F arch=b64 -S adjtimex -F auid=-1 -F uid=chrony -F subj_type=chronyd_t <% } -%> diff --git a/templates/rule_profiles/simp/base.epp b/templates/rule_profiles/simp/base.epp index 714772fb..0d454485 100644 --- a/templates/rule_profiles/simp/base.epp +++ b/templates/rule_profiles/simp/base.epp 
@@ -6,23 +6,23 @@ <% } -%> <% if $auditd::config::audit_profiles::simp::audit_network_ipv4_accept { -%> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S accept -F a0=2 -F key=<%= $auditd::config::audit_profiles::simp::audit_network_ipv4_accept_tag %> <% } -%> <% } -%> <% if $auditd::config::audit_profiles::simp::audit_network_ipv6_accept { -%> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S accept -F a0=10 -F key=<%= $auditd::config::audit_profiles::simp::audit_network_ipv6_accept_tag %> <% } -%> <% } -%> <% if $auditd::config::audit_profiles::simp::audit_network_ipv4_connect { -%> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S connect -F a0=2 -F key=<%= $auditd::config::audit_profiles::simp::audit_network_ipv4_connect_tag %> <% } -%> -a always,exit -F arch=b32 -S connect -F a0=2 -F key=<%= $auditd::config::audit_profiles::simp::audit_network_ipv4_connect_tag %> <% } -%> <% if $auditd::config::audit_profiles::simp::audit_network_ipv6_connect { -%> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S connect -F a0=10 -F key=<%= $auditd::config::audit_profiles::simp::audit_network_ipv6_connect_tag %> <% } -%> -a always,exit -F arch=b32 -S connect -F a0=10 -F key=<%= $auditd::config::audit_profiles::simp::audit_network_ipv6_connect_tag %> 
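Review bot: The `audit_network_ipv4_accept` and `audit_network_ipv6_accept` blocks in `simp/base.epp` emit their only rule inside the `$facts['os']['hardware'] == "x86_64"` guard, so on any other hardware value they render nothing even when the parameter is true, and the template never says so. The same guard wraps every `arch=b64` rule in this file and in `stig/base.epp`, which means a 64-bit host that is not x86_64 would get only the `arch=b32` rules. Whether such hosts are supported is not visible here, so a template comment stating the assumption would help, for example `<%# arch=b64 rules are emitted only when os.hardware is x86_64; other architectures get the b32 rules alone -%>` above the first guard. It would also be worth a spec that asserts the rendered rule count for an x86_64 fact set, so that a future fact rename that makes the guard false cannot silently remove audit coverage.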
@@ -30,7 +30,7 @@ <% if $auditd::config::audit_profiles::simp::audit_unsuccessful_file_operations { -%> ## Audit unsuccessful file operations -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S creat,mkdir,mknod,link,symlink,mkdirat,mknodat,linkat,symlinkat,openat,open_by_handle_at,open,close,rename,renameat,truncate,ftruncate,rmdir,unlink,unlinkat -F exit=-EACCES -k <%= $auditd::config::audit_profiles::simp::audit_unsuccessful_file_operations_tag %> -a always,exit -F arch=b64 -S creat,mkdir,mknod,link,symlink,mkdirat,mknodat,linkat,symlinkat,openat,open_by_handle_at,open,close,rename,renameat,truncate,ftruncate,rmdir,unlink,unlinkat -F exit=-EPERM -k <%= $auditd::config::audit_profiles::simp::audit_unsuccessful_file_operations_tag %> <% } -%> 
@@ -160,21 +160,21 @@ ## Permissions auditing separated by chown, chmod, and attr <% if $auditd::config::audit_profiles::simp::audit_chown { -%> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S chown,fchown,fchownat,lchown -k <%= $auditd::config::audit_profiles::simp::audit_chown_tag %> <% } -%> -a always,exit -F arch=b32 -S chown,fchown,fchownat,lchown -k <%= $auditd::config::audit_profiles::simp::audit_chown_tag %> <% } -%> <% if $auditd::config::audit_profiles::simp::audit_chmod { -%> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -k <%= $auditd::config::audit_profiles::simp::audit_chmod_tag %> <% } -%> -a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -k <%= $auditd::config::audit_profiles::simp::audit_chmod_tag %> <% } -%> <% if $auditd::config::audit_profiles::simp::audit_attr { -%> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -k <%= $auditd::config::audit_profiles::simp::audit_attr_tag %> <% } -%> -a always,exit -F arch=b32 -S setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -k <%= $auditd::config::audit_profiles::simp::audit_attr_tag %> @@ -182,7 +182,7 @@ <% if $auditd::config::audit_profiles::simp::audit_rename_remove { -%> ## Audit rename/removal operations -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S rename,renameat,rmdir,unlink,unlinkat -F perm=x -k <%= $auditd::config::audit_profiles::simp::audit_rename_remove_tag %> <% } -%> -a always,exit -F arch=b32 -S rename,renameat,rmdir,unlink,unlinkat -F perm=x -k <%= $auditd::config::audit_profiles::simp::audit_rename_remove_tag %> 
@@ -201,7 +201,7 @@ } -%> ## Audit useful items that someone does when su'ing to root. -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -F auid!=0 -F uid=0 -S <%= $_su_rules %> -k <%= $auditd::config::audit_profiles::simp::audit_su_root_activity_tag %> <% } -%> -a always,exit -F arch=b32 -F auid!=0 -F uid=0 -S <%= $_su_rules %> -k <%= $auditd::config::audit_profiles::simp::audit_su_root_activity_tag %> @@ -209,7 +209,7 @@ <% if $auditd::config::audit_profiles::simp::audit_suid_sgid { -%> ## Audit the execution of suid and sgid binaries. -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -k <%= $auditd::config::audit_profiles::simp::audit_suid_sgid_tag %> -a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -k <%= $auditd::config::audit_profiles::simp::audit_suid_sgid_tag %> <% } -%> @@ -236,7 +236,7 @@ <% } -%> -w /sbin/modprobe -p x -k <%= $auditd::config::audit_profiles::simp::audit_kernel_modules_tag %> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S create_module,init_module,finit_module,delete_module -k <%= $auditd::config::audit_profiles::simp::audit_kernel_modules_tag %> <% } -%> -a always,exit -F arch=b32 -S create_module,init_module,finit_module,delete_module -k <%= $auditd::config::audit_profiles::simp::audit_kernel_modules_tag %> @@ -244,7 +244,7 @@ <% if $auditd::config::audit_profiles::simp::audit_time { -%> ## Audit things that could affect time -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S adjtimex,settimeofday -k <%= $auditd::config::audit_profiles::simp::audit_time_tag %> -a always,exit -F arch=b64 -S clock_settime -F a0=0x0 -k <%= $auditd::config::audit_profiles::simp::audit_time_tag %> <% } -%> 
@@ -256,7 +256,7 @@ <% if $auditd::config::audit_profiles::simp::audit_locale { -%> ## Audit things that could affect system locale -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S sethostname,setdomainname -k <%= $auditd::config::audit_profiles::simp::audit_locale_tag %> <% } -%> -a always,exit -F arch=b32 -S sethostname,setdomainname -k <%= $auditd::config::audit_profiles::simp::audit_locale_tag %> @@ -273,12 +273,12 @@ <% if $auditd::config::audit_profiles::simp::audit_mount { -%> ## Audit mount operations -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S mount,umount2 -k <%= $auditd::config::audit_profiles::simp::audit_mount_tag %> <% } -%> -a always,exit -F arch=b32 -S mount,umount,umount2 -k <%= $auditd::config::audit_profiles::simp::audit_mount_tag %> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> <% if ($facts['os']['release']['major'] > '6') or (($facts['os']['name'] == 'Amazon') and ($facts['os']['release']['major'] < '3')) { -%> -a always,exit -F arch=b64 -F path=/usr/bin/mount -k <%= $auditd::config::audit_profiles::simp::audit_mount_tag %> <% } -%> @@ -297,7 +297,7 @@ ## Audit umask changes. # This is uselessly noisy in most cases -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S umask -k <%= $auditd::config::audit_profiles::simp::audit_umask_tag %> <% } -%> -a always,exit -F arch=b32 -S umask -k <%= $auditd::config::audit_profiles::simp::audit_umask_tag %> 
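Review bot: In the `audit_mount` block of the `@@ -273,12` hunk, the guard kept directly under the changed line, `$facts['os']['release']['major'] > '6'`, compares two strings, which Puppet appears to order lexically rather than numerically. A major release of '10' would then fail the test and the `-F path=/usr/bin/mount` rule would drop out of the generated rule set without any error. Since this commit already touches the fact lookups, `versioncmp($facts['os']['release']['major'], '6') > 0` would make the comparison numeric-aware, and the `< '3'` test on the Amazon branch would need the same treatment. The same guard appears in the `default_drop.epp` hunk and in the `stig/base.epp` mount hunk.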
@@ -452,7 +452,7 @@ -w /bin/rpm -p x -k <%= $auditd::config::audit_profiles::simp::audit_rpm_cmd_tag %> <% } -%> <% if $auditd::config::audit_profiles::simp::audit_ptrace { -%> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S ptrace -F a0=0x4 -k <%= $auditd::config::audit_profiles::simp::audit_ptrace_tag %>_code_injection -a always,exit -F arch=b64 -S ptrace -F a0=0x5 -k <%= $auditd::config::audit_profiles::simp::audit_ptrace_tag %>_data_injection -a always,exit -F arch=b64 -S ptrace -F a0=0x6 -k <%= $auditd::config::audit_profiles::simp::audit_ptrace_tag %>_register_injection @@ -464,7 +464,7 @@ -a always,exit -F arch=b32 -S ptrace -k <%= $auditd::config::audit_profiles::simp::audit_ptrace_tag %> <% } -%> <% if $auditd::config::audit_profiles::simp::audit_personality { -%> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S personality -k <%= $auditd::config::audit_profiles::simp::audit_personality_tag %> <% } -%> -a always,exit -F arch=b32 -S personality -k <%= $auditd::config::audit_profiles::simp::audit_personality_tag %> diff --git a/templates/rule_profiles/stig/base.epp b/templates/rule_profiles/stig/base.epp index ce67e824..64d05a02 100644 --- a/templates/rule_profiles/stig/base.epp +++ b/templates/rule_profiles/stig/base.epp 
@@ -2,42 +2,42 @@ <% if $auditd::config::audit_profiles::stig::audit_unsuccessful_file_operations { -%> ## Audit unsuccessful file operations -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_unsuccessful_file_operations_tag %> -a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_unsuccessful_file_operations_tag %> <% } -%> -a always,exit -F arch=b32 -S creat -F exit=-EPERM -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_unsuccessful_file_operations_tag %> -a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_unsuccessful_file_operations_tag %> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S open -F exit=-EPERM -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_unsuccessful_file_operations_tag %> -a always,exit -F arch=b64 -S open -F exit=-EACCES -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_unsuccessful_file_operations_tag %> <% } -%> -a always,exit -F arch=b32 -S open -F exit=-EPERM -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_unsuccessful_file_operations_tag %> -a always,exit -F arch=b32 -S open -F exit=-EACCES -F auid>=<%= 
$auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_unsuccessful_file_operations_tag %> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S openat -F exit=-EPERM -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_unsuccessful_file_operations_tag %> -a always,exit -F arch=b64 -S openat -F exit=-EACCES -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_unsuccessful_file_operations_tag %> <% } -%> -a always,exit -F arch=b32 -S openat -F exit=-EPERM -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_unsuccessful_file_operations_tag %> -a always,exit -F arch=b32 -S openat -F exit=-EACCES -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_unsuccessful_file_operations_tag %> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EPERM -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_unsuccessful_file_operations_tag %> -a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EACCES -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_unsuccessful_file_operations_tag %> <% } -%> -a always,exit -F arch=b32 -S open_by_handle_at -F exit=-EPERM -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_unsuccessful_file_operations_tag %> -a always,exit -F arch=b32 -S 
open_by_handle_at -F exit=-EACCES -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_unsuccessful_file_operations_tag %> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S truncate -F exit=-EPERM -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_unsuccessful_file_operations_tag %> -a always,exit -F arch=b64 -S truncate -F exit=-EACCES -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_unsuccessful_file_operations_tag %> <% } -%> -a always,exit -F arch=b32 -S truncate -F exit=-EPERM -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_unsuccessful_file_operations_tag %> -a always,exit -F arch=b32 -S truncate -F exit=-EACCES -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_unsuccessful_file_operations_tag %> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S ftruncate -F exit=-EPERM -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_unsuccessful_file_operations_tag %> -a always,exit -F arch=b64 -S ftruncate -F exit=-EACCES -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_unsuccessful_file_operations_tag %> <% } -%> 
@@ -165,22 +165,22 @@ ## Permissions auditing separated by chown, chmod, and attr <% if $auditd::config::audit_profiles::stig::audit_chown { -%> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S chown -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_chown_tag %> <% } -%> -a always,exit -F arch=b32 -S chown -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_chown_tag %> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S fchown -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_chown_tag %> <% } -%> -a always,exit -F arch=b32 -S fchown -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_chown_tag %> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S lchown -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_chown_tag %> <% } -%> -a always,exit -F arch=b32 -S lchown -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_chown_tag %> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S fchownat -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_chown_tag %> <% } -%> -a always,exit -F arch=b32 -S fchownat -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= 
$auditd::config::audit_profiles::stig::audit_chown_tag %> 
@@ -188,48 +188,48 @@ <% if $auditd::config::audit_profiles::stig::audit_chmod { -%> -a always,exit -F arch=b64 -S chmod -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_chmod_tag %> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b32 -S chmod -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_chmod_tag %> <% } -%> -a always,exit -F arch=b64 -S fchmod -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_chmod_tag %> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b32 -S fchmod -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_chmod_tag %> <% } -%> -a always,exit -F arch=b64 -S fchmodat -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_chmod_tag %> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b32 -S fchmodat -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_chmod_tag %> <% } -%> <% } -%> <% if $auditd::config::audit_profiles::stig::audit_attr { -%> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S setxattr -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_attr_tag %> <% } -%> -a always,exit -F arch=b32 -S setxattr -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F 
key=<%= $auditd::config::audit_profiles::stig::audit_attr_tag %> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S fsetxattr -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_attr_tag %> <% } -%> -a always,exit -F arch=b32 -S fsetxattr -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_attr_tag %> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S lsetxattr -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_attr_tag %> <% } -%> -a always,exit -F arch=b32 -S lsetxattr -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_attr_tag %> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S removexattr -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_attr_tag %> <% } -%> -a always,exit -F arch=b32 -S removexattr -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_attr_tag %> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S fremovexattr -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_attr_tag %> <% } -%> -a always,exit -F arch=b32 -S fremovexattr -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_attr_tag %> -<% 
if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S lremovexattr -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_attr_tag %> <% } -%> -a always,exit -F arch=b32 -S lremovexattr -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_attr_tag %> 
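Review bot: In the `audit_chmod` block of `stig/base.epp` the architecture guard looks inverted relative to the rest of the template: the `arch=b64` rules for `chmod`, `fchmod` and `fchmodat` are unconditional, and the x86_64 check wraps the `arch=b32` rules. The `audit_chown` and `audit_attr` blocks do the opposite. On a host whose `os.hardware` is not x86_64 this would leave the 32-bit chmod family unaudited and still emit b64 rules. The commit carries the pattern over unchanged, so if it is not deliberate the guard should move onto the b64 lines as below.

```puppet
<% if $facts['os']['hardware'] == "x86_64" { -%>
-a always,exit -F arch=b64 -S chmod -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_chmod_tag %>
<% } -%>
-a always,exit -F arch=b32 -S chmod -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_chmod_tag %>
<% if $facts['os']['hardware'] == "x86_64" { -%>
-a always,exit -F arch=b64 -S fchmod -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_chmod_tag %>
<% } -%>
-a always,exit -F arch=b32 -S fchmod -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_chmod_tag %>
<% if $facts['os']['hardware'] == "x86_64" { -%>
-a always,exit -F arch=b64 -S fchmodat -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_chmod_tag %>
<% } -%>
-a always,exit -F arch=b32 -S fchmodat -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_chmod_tag %>
<%# … unchanged: audit_attr block … -%>
```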
@@ -237,27 +237,27 @@ <% if $auditd::config::audit_profiles::stig::audit_rename_remove { -%> ## Audit rename/removal operations -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S rename -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_rename_remove_tag %> <% } -%> -a always,exit -F arch=b32 -S rename -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_rename_remove_tag %> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S renameat -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_rename_remove_tag %> <% } -%> -a always,exit -F arch=b32 -S renameat -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_rename_remove_tag %> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S rmdir -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_rename_remove_tag %> <% } -%> -a always,exit -F arch=b32 -S rmdir -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_rename_remove_tag %> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S unlink -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_rename_remove_tag %> <% } -%> -a always,exit -F arch=b32 -S unlink -F auid>=<%= 
$auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_rename_remove_tag %> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S unlinkat -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_rename_remove_tag %> <% } -%> -a always,exit -F arch=b32 -S unlinkat -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_rename_remove_tag %> @@ -265,7 +265,7 @@ <% if $auditd::config::audit_profiles::stig::audit_suid_sgid { -%> ## Audit the execution of suid and sgid binaries. -<% if $facts['hardwaremodel'] == 'x86_64' { -%> +<% if $facts['os']['hardware'] == 'x86_64' { -%> -a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -k <%= $auditd::config::audit_profiles::stig::audit_suid_tag %> -a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -k <%= $auditd::config::audit_profiles::stig::audit_sgid_tag %> <% } -%> 
@@ -297,22 +297,22 @@ <% } -%> -w /sbin/modprobe -p x -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_kernel_modules_tag %> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S create_module -F key=<%= $auditd::config::audit_profiles::stig::audit_kernel_modules_tag %> <% } -%> -a always,exit -F arch=b32 -S create_module -F key=<%= $auditd::config::audit_profiles::stig::audit_kernel_modules_tag %> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S init_module -F key=<%= $auditd::config::audit_profiles::stig::audit_kernel_modules_tag %> <% } -%> -a always,exit -F arch=b32 -S init_module -F key=<%= $auditd::config::audit_profiles::stig::audit_kernel_modules_tag %> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S finit_module -F key=<%= $auditd::config::audit_profiles::stig::audit_kernel_modules_tag %> <% } -%> -a always,exit -F arch=b32 -S finit_module -F key=<%= $auditd::config::audit_profiles::stig::audit_kernel_modules_tag %> -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S delete_module -F key=<%= $auditd::config::audit_profiles::stig::audit_kernel_modules_tag %> <% } -%> -a always,exit -F arch=b32 -S delete_module -F key=<%= $auditd::config::audit_profiles::stig::audit_kernel_modules_tag %> 
@@ -320,7 +320,7 @@ <% if $auditd::config::audit_profiles::stig::audit_mount { -%> ## Audit mount operations -<% if $facts['hardwaremodel'] == "x86_64" { -%> +<% if $facts['os']['hardware'] == "x86_64" { -%> -a always,exit -F arch=b64 -S mount -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_mount_tag %> <% if ($facts['os']['release']['major'] > '6') or (($facts['os']['name'] == 'Amazon') and ($facts['os']['release']['major'] < '3')) { -%> -a always,exit -F arch=b64 -F path=/usr/bin/mount -F auid>=<%= $auditd::config::audit_profiles::stig::uid_min %> -F auid!=unset -F key=<%= $auditd::config::audit_profiles::stig::audit_mount_tag %>